Analysis
-
max time kernel
7s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
02/10/2023, 19:28
General
-
Target
2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe
-
Size
37KB
-
MD5
57612c214cff45393754eee326362b02
-
SHA1
6135d64968ed3ba8d13a1e47b8d4a4e161a700c8
-
SHA256
aa4bb944e59cfb0b94354fb92ac40faefb4e0b882473d07c3aed59180042c28b
-
SHA512
627ba4b517af93f45f9404af7569aaa0d5cca0254dbbda472b8fcf321b5f98a23c9cfd2b7bfbd61c571294007fac9394cd723a8b7dd677668ba158e80bc312a1
-
SSDEEP
384:uLipZl447piqb/lUYf5uH3w59AMRG5qUIjFgOrjFymqAeO8W8xVLoSzwzARMWEgU:7miiqTfk2AMRGwlFgOrjslLodzAKWs
Score
8/10
Malware Config
Signatures
-
Sets file to hidden 1 TTPs 64 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 20 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 02⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 03⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 04⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 05⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 06⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 07⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 08⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 09⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 010⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 011⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 012⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 013⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 014⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 015⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 016⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 017⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 018⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 019⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 020⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 021⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 022⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 023⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 024⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 025⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 026⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 027⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 028⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 029⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 030⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 031⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 032⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 033⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 034⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 035⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 036⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 037⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 038⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 039⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 040⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 041⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 042⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 043⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 044⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 045⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 046⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 047⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 048⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 049⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 050⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 051⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 052⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 053⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 054⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 055⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 056⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 057⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 058⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 059⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 060⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 061⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 062⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 063⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 064⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 065⤵
- Drops file in Program Files directory
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 066⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 067⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 068⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 069⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 070⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 071⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 072⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 073⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 074⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 075⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 076⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 077⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 078⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 079⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 080⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 081⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 082⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 083⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 084⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 085⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 086⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 087⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 088⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 089⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 090⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 091⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 092⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 093⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 094⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 095⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 096⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 097⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 098⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 099⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0100⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0101⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0102⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0103⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0104⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0105⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0106⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0107⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0108⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0109⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0110⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0111⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0112⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0113⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0114⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0115⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0116⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0117⤵
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_57612c214cff45393754eee326362b02_ransomlock_JC.exe" 0118⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"96⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"96⤵
-
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"94⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"94⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"94⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"93⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"93⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"93⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"93⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"93⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"92⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"92⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"92⤵
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"91⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"91⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"91⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"90⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"90⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"90⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"90⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"89⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"89⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"88⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"88⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"88⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"88⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"87⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"87⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"87⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"86⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"86⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"86⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"86⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"85⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"85⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"84⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"84⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"83⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"83⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"82⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"82⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"82⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"82⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"81⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"81⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"80⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"80⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"80⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"80⤵
- Sets file to hidden
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"79⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"79⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"79⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"79⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"78⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"78⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"78⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"78⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"77⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"77⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"77⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"77⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"76⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"76⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"76⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"76⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"76⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"76⤵
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"75⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"75⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"75⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"75⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"75⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"75⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"75⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"74⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"74⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"74⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"74⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"74⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"74⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"74⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"74⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"73⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"73⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"73⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"73⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"73⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"73⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"73⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"72⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"72⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"72⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"72⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"72⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"72⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"72⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"72⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"71⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"71⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"71⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"71⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"71⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"71⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"71⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"70⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"70⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"70⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"70⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"70⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"70⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"70⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"69⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"69⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"69⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"69⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"69⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"69⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"69⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"69⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"68⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"68⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"68⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"68⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"68⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"68⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"68⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"68⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"67⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"67⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"67⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"67⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"67⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"67⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"67⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"67⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"66⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"66⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"66⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"66⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"66⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"66⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"66⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"66⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"65⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"65⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"65⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"65⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"65⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"65⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"65⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"64⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"64⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"64⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"64⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"64⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"64⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"64⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"63⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"63⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"63⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"63⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"63⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"63⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"63⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"62⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"62⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"62⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"62⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"62⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"62⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"62⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"61⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"61⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"61⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"61⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"61⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"61⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"61⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"61⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"60⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"60⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"60⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"60⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"60⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"60⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"60⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"60⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"59⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"59⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"59⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"59⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"59⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"59⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"59⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"59⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"58⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"58⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"58⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"58⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"58⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"58⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"58⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"57⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"57⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"57⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"57⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"57⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"57⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"57⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"57⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"56⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"56⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"56⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"56⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"56⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"56⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"56⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"56⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"55⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"55⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"55⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"55⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"55⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"55⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"55⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"55⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"54⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"54⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"54⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"54⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"54⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"54⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"54⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"54⤵
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"53⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"53⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"53⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"53⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"53⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"53⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"53⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"53⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"52⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"52⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"52⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"52⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"52⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"52⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"52⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"52⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"51⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"51⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"51⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"51⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"51⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"51⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"51⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"51⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"50⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"50⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"50⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"50⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"50⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"50⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"50⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"50⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"49⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"49⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"49⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"49⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"49⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"49⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"49⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"49⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"48⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"48⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"48⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"48⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"48⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"48⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"48⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"48⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"47⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"47⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"47⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"47⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"47⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"47⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"47⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"47⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"46⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"46⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"46⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"46⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"46⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"46⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"46⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"46⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"46⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"46⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"45⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"45⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"45⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"45⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"45⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"45⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"45⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"45⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"45⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"44⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"44⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"44⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"44⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"44⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"44⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"44⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"44⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"43⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"43⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"43⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"43⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"43⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"43⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"43⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"43⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"42⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"42⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"42⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"42⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"42⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"42⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"42⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"42⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"41⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"41⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"41⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"41⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"41⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"41⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"41⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"41⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"40⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"40⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"40⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"40⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"40⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"40⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"40⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"40⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"39⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"39⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"39⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"39⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"39⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"39⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"39⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"39⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"38⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"38⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"38⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"38⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"38⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"38⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"38⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"38⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"37⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"37⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"37⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"37⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"37⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"37⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"37⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"37⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"37⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"36⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"36⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"36⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"36⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"36⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"36⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"36⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"36⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"35⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"35⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"35⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"35⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"35⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"35⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"35⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"35⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"35⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"34⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"34⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"34⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"34⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"33⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"33⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"33⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"33⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"33⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"33⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"33⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"33⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"33⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"32⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"32⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"31⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"31⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"31⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"31⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"31⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"31⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"31⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"31⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"31⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"30⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"30⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"30⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"30⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"30⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"30⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"30⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"30⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"30⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"29⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"29⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"29⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"28⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"28⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"28⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"27⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"27⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"27⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"27⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"27⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"27⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"27⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"27⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"27⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"26⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"26⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"26⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"26⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"26⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"26⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"26⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"26⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"26⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"25⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"25⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"25⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"25⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"25⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"24⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"24⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"23⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"23⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"23⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"23⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"23⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"23⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"23⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"23⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"23⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"22⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"22⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"22⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"22⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"22⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"22⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"22⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"22⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"22⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"21⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"21⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"21⤵
- Sets file to hidden
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"20⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"20⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"20⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"20⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"20⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"20⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"20⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"20⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"20⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"19⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"19⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"19⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"18⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"18⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"17⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"17⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"16⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"16⤵
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"15⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"15⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"14⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"14⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"14⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"13⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"13⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"12⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jstat.zrz"12⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\rmid.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.zrz"12⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.zrz"12⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"11⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"11⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jdb.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\keytool.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\serialver.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.zrz"11⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.zrz"11⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jstack.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\rmic.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.zrz"10⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.zrz"10⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"9⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"9⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\javac.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jhat.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\kinit.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.zrz"9⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.zrz"9⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\policytool.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.zrz"8⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.zrz"8⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"7⤵
- Drops file in Program Files directory
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\javah.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\javap.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\pack200.zrz"7⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.zrz"7⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.zrz"7⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"6⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Google\Chrome\Application\chrome.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\idlj.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jmap.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\ktab.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.zrz"6⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.zrz"6⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"5⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\apt.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jar.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\javaws.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.zrz"5⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.zrz"5⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\javaw.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\orbd.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.zrz"4⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.zrz"4⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\DW20.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\7-Zip\7z.zrz"3⤵
- Drops file in Program Files directory
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\7-Zip\7zG.zrz"3⤵
- Drops file in Program Files directory
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.zrz"3⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.zrz"3⤵
- Sets file to hidden
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jps.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\xjc.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.zrz"3⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.zrz"3⤵
-
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\MSOCache\All Users\{90140000-0115-0409-0000-0000000FF1CE}-C\dwtrig20.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\7-Zip\7zFM.zrz"2⤵
- Drops file in Program Files directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\7-Zip\Uninstall.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.zrz"2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\mip.zrz"2⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.zrz"2⤵
- Drops file in Program Files directory
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\DVD Maker\DVDMaker.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Google\Chrome\Application\chrome_proxy.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iediagcmd.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ieinstal.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\ielowutil.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Internet Explorer\iexplore.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\java.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\jmc.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\klist.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\servertool.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.zrz"2⤵
-
-
C:\Windows\SysWOW64\attrib.exe"C:\Windows\System32\attrib.exe" +r +h +s +a "C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.zrz"2⤵
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1384187403-2040581818-77668172914207053051194501368-1057414207609889800168027096"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "164124988712972634691414791171-1533940871-218944718-1532890643-334423203-650473511"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "987681607-636707992-15153481072032879926659910072829830517-1123465846-1439445087"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-19980371781100982117-19548113281819276219111263743710186984761344256822-926914294"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1402204133190418710915195833781788233796-16839476241598119152-966291296-398836018"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1485182450-1803053153-1132568276-1951281299318280241-1519397543-10138276-1179516917"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "147015268313236402011521059178-1989638760-1733003544-4211127441428884913-1041518725"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1947340039-881703506-1513577806686733451-1029467678634839660265151644-594940716"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "858468710-456508126-65580566-1647303139466172124-610911999-7670854701960421138"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-70285036213921022401822575700312703363210494577931233426-1673663705-373143373"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1203812391-1274849422-1430040637314784280-16259251227071146373674103501663245520"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "162088213214082010928406987161312887066-985357065-1126841904501386388-2047281714"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "819492801-771869921-1600763294-1176745352-377655063984298123-350980668-1542086087"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1557463991-219553388-7442877791441221481-9490150781803155093-540408609-1946844827"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1124106795212961124-1787050705-1792388516-3115367111496964817188509761365753511"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-5204028121640922454-276531797-12845070911207153801-950374206-17622116131020860716"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2014953557563215071-1767437321-650654029-86736196926156802115209742181550323250"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1142576045441631503-11919814431783355380-184412523-1021105236-1399972478-33127998"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "113807860754939993817284782211628946257170913066751770502-725543742-1114565810"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1925649684149736686157015161-9496739981977631081-2122477538-241290787-721970000"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "843464027-638120285-218179149552449254-491387141288085960-1682719218388271478"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "450549892623228543-141270740-593994998-1515099292-10130038361929839176-1724070167"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-8741164511953623810-17006408698004834671962757784-8498763011442060387-1956258754"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-726843930-1449559331-1798592909-3445651511233762764-17722668512055992213372220788"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1752658286-178025823119417923131534968125-702084120-177623995-17826571241363856759"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "4698641861201844598065578032125337403-28304396815136181191881027394-1027887625"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-17815302678818302351906466806-81337284819669613931491736020590315235721365605"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-808500971-1383671441-205965124-859529988127952434819163430731412864689233480934"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1298016767796689799-451915495-1100425594-1275347228-18439671081515007924-995923239"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "9545040931230964644-7985790415306608721053535896-155137499214057310131634514409"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1173723614922521477-1390822671862620610579953047-946491334-595030446-892081085"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "9564490520719927111999459961-941572515-929773117-2099113407-544227406-1478287800"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
37KB
MD557612c214cff45393754eee326362b02
SHA16135d64968ed3ba8d13a1e47b8d4a4e161a700c8
SHA256aa4bb944e59cfb0b94354fb92ac40faefb4e0b882473d07c3aed59180042c28b
SHA512627ba4b517af93f45f9404af7569aaa0d5cca0254dbbda472b8fcf321b5f98a23c9cfd2b7bfbd61c571294007fac9394cd723a8b7dd677668ba158e80bc312a1