| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\Reader_19.012.20034\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: M:\Recovery\WindowsRE\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: M:\Recovery\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\S\436\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: M:\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\S\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\Setup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\dbg\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\MachineKeys\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\Keys\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\AsimovUploader\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\CustomTraceProfiles\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\EventTranscript\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\LocalTraceStore\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\OfflineSettings\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Scripts\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Sideload\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Siufloc\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLandingStage\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\TenantStorage\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\WindowsAnalytics\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\Server\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\temp\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MapData\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Connections\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\Heartbeat\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\AssetCache\CellularUx\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\AssetCache\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\Accounts\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Spectrum\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\SR\SV10-EV100\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\SR\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WDF\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Clean Store\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\NisBackup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Features\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Quarantine\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpPayloadData\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender Advanced Threat Protection\Temp\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender Advanced Threat Protection\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Inbox\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Queue\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\SentItems\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Security Health\Logs\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Security Health\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\Server\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\ReadMe.txt | Jump to behavior |
| Source: Data1.cab.1.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
| Source: Data1.cab.1.dr | String found in binary or memory: http://evcs-aia.ws.symantec.com/evcs.cer0 |
| Source: Data1.cab.1.dr | String found in binary or memory: http://evcs-crl.ws.symantec.com/evcs.crl0 |
| Source: Data1.cab.1.dr | String found in binary or memory: http://evcs-ocsp.ws.symantec.com04 |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://fontfabrik.com |
| Source: r.exe, 00000000.00000002.487039298.00000000043D0000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000000.00000002.478036079.000000000368A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, AddInProcess32.exe, 00000001.00000002.634213262.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://mmcbkgua72og66w4jz3qcxkkhefax754pg6iknmtfujvkt2j65ffraad.onion/?M01%s |
| Source: AddInProcess32.exe, AddInProcess32.exe, 00000001.00000002.634213262.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://mmcbkgua72og66w4jz3qcxkkhefax754pg6iknmtfujvkt2j65ffraad.onion/?M01UBXEAHOL |
| Source: Data1.cab.1.dr | String found in binary or memory: http://ocsp.thawte.com0 |
| Source: Data1.cab.1.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
| Source: Data1.cab.1.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
| Source: Data1.cab.1.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
| Source: Data1.cab.1.dr | String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd |
| Source: r.exe, 00000000.00000003.370103256.00000000060ED000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.370089003.00000000060EB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.ascendercorp.com/typedesigners.html |
| Source: r.exe, 00000000.00000003.369072379.0000000006110000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.369088713.00000000060EC000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.369110533.0000000006114000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.369072379.0000000006114000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.369110533.0000000006111000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.com |
| Source: r.exe, 00000000.00000003.370012375.00000000060EB000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.369726793.00000000060EB000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.370089003.00000000060EB000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.369858585.00000000060E7000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.370118094.00000000060EB000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.369585883.00000000060E4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.comcrac |
| Source: r.exe, 00000000.00000003.369088713.00000000060EC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.comitk |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml |
| Source: r.exe, 00000000.00000003.369110533.0000000006114000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.comt |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com |
| Source: r.exe, 00000000.00000003.371867796.00000000060F5000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.371587393.00000000060F5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/? |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
| Source: r.exe, 00000000.00000003.371197049.00000000060EC000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000000.00000003.371197049.00000000060F5000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.371216166.00000000060F5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8 |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers? |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG |
| Source: r.exe, 00000000.00000003.371551916.00000000060F5000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.371505733.00000000060F5000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.371764316.00000000060F5000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.371726145.00000000060F5000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.371680077.00000000060F5000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.371632380.00000000060F5000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.371587393.00000000060F5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersJ |
| Source: r.exe, 00000000.00000003.474341111.00000000060E0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.comm |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000000.00000002.477314694.00000000015B7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com |
| Source: r.exe, 00000000.00000003.368717384.00000000060F0000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn |
| Source: r.exe, 00000000.00000003.368899264.00000000060F2000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.368851975.00000000060ED000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/ |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe |
| Source: r.exe, 00000000.00000003.368717384.00000000060F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cnht |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
| Source: AddInProcess32.exe, 00000001.00000003.578781552.000000000432A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.pelephone.co.il |
| Source: r.exe, 00000000.00000003.367601951.00000000060FB000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000003.367582006.00000000060FB000.00000004.00000020.00020000.00000000.sdmp, r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000000.00000003.367593148.00000000060FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com |
| Source: r.exe, 00000000.00000003.367612175.00000000060FB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.compew |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr |
| Source: Data1.cab.1.dr | String found in binary or memory: http://www.symauth.com/cps0( |
| Source: Data1.cab.1.dr | String found in binary or memory: http://www.symauth.com/cps09 |
| Source: Data1.cab.1.dr | String found in binary or memory: http://www.symauth.com/rpa04 |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease |
| Source: r.exe, 00000000.00000002.491649517.00000000071F2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn |
| Source: r.exe, 00000000.00000002.487039298.00000000043D0000.00000004.00000800.00020000.00000000.sdmp, r.exe, 00000000.00000002.478036079.000000000368A000.00000004.00000800.00020000.00000000.sdmp, AddInProcess32.exe, AddInProcess32.exe, 00000001.00000002.634213262.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://www.torproject.org/ |
| Source: AddInProcess32.exe, AddInProcess32.exe, 00000001.00000002.634213262.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://yip.su/2QstD5 |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\Reader_19.012.20034\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: M:\Recovery\WindowsRE\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: M:\Recovery\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\S\436\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: M:\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\S\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ARM\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\Setup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Adobe\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\dbg\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\Setup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\AppV\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\MachineKeys\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\DSS\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\Keys\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\WindowsAIK\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\PCPKSP\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\MachineKeys\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\RSA\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Device\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\Task\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Device Stage\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DeviceSync\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\AsimovUploader\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\CustomTraceProfiles\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\AutoLogger\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ETLLogs\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\EventTranscript\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\LocalTraceStore\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\OfflineSettings\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Scripts\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Sideload\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\Siufloc\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLanding\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\SoftLandingStage\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\TenantStorage\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\WindowsAnalytics\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\Server\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\DRM\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\temp\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MapData\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\BreadcrumbStore\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\NetFramework\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Connections\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\Heartbeat\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\AssetCache\CellularUx\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\AssetCache\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{ee4aac98-c174-4941-82b1-d121e493e4fb}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{f11899f2-71ec-4621-9997-e17ae2f6eb26}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\RunTime\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\Prov\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{fc01e91f-914c-45af-9d7c-0b2e5fbedf62}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Applications\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\Temp\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\Data\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Search\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\Accounts\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Settings\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\MessageStore\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\SmsRouter\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Spectrum\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\MV101\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\SR\SV10-EV100\en-US-N\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\SR\SV10-EV100\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\SR\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Speech_OneCore\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Storage Health\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\InboxTemplates\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Scripts\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\Templates\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\UEV\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\User Account Pictures\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Vault\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WDF\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Clean Store\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\NisBackup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Features\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\LocalCopy\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\Support\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Network Inspection System\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Platform\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Quarantine\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\CacheManager\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\19\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\Latency\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReportLatency\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\Resource\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Results\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Service\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\Store\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\History\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\MpPayloadData\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Scans\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender Advanced Threat Protection\Temp\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender Advanced Threat Protection\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Common Coverpages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Inbox\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\Queue\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\SentItems\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\VirtualInbox\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSFax\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\MSScan\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows NT\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Security Health\Logs\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Security Health\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\Server\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WinMSIPC\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\WwanSvc\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft Help\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\setup\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft OneDrive\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\installcache\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\Java\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Oracle\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\vcRuntimeMinimum_x86\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\vcRuntimeMinimum_x86\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{19F7E289-17B8-44EC-A099-927507B6F739}v14.21.27702\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\vcRuntimeAdditional_x86\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{213668DB-2263-4E2D-ABB8-487FD539130E}v14.21.27702\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{49697869-be8e-427d-81a0-c334d1d14950}\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\vcRuntimeAdditional_amd64\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\vcRuntimeMinimum_amd64\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\ReadMe.txt | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | File created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\ReadMe.txt | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Users\user\Desktop\r.exe VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation | Jump to behavior |
| Source: C:\Users\user\Desktop\r.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | Queries volume information: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab VolumeInformation | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | Queries volume information: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp VolumeInformation | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | Queries volume information: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab VolumeInformation | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | Queries volume information: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp VolumeInformation | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | Queries volume information: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab VolumeInformation | Jump to behavior |
| Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe | Queries volume information: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp VolumeInformation | Jump to behavior |
Edit tour
r.exe (PID: 5196 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node