Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'MSFEEditor' = '"<Full path to file>" e'
- <SYSTEM32>\tasks\adobe acrobat update task
- <SYSTEM32>\tasks\microsoft\windows\media center\pbdadiscoveryw1.inprocess
- <SYSTEM32>\tasks\microsoft\windows\shell\windowsparentalcontrolsmigration
- <SYSTEM32>\tasks\microsoft\windows\media center\pbdadiscoveryw2
- <SYSTEM32>\tasks\microsoft\windows\shell\windowsparentalcontrolsmigration.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\pbdadiscoveryw2.inprocess
- <SYSTEM32>\tasks\microsoft\windows\sideshow\autowake
- <SYSTEM32>\tasks\microsoft\windows\shell\windowsparentalcontrols.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\pbdadiscoveryw1
- <SYSTEM32>\tasks\microsoft\windows\sideshow\autowake.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\periodicscanretry.inprocess
- <SYSTEM32>\tasks\microsoft\windows\sideshow\gadgetmanager.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\pvrrecoverytask
- <SYSTEM32>\tasks\microsoft\windows\media center\pvrrecoverytask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\sideshow\sessionagent
- <SYSTEM32>\tasks\microsoft\windows\sideshow\sessionagent.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\periodicscanretry
- <SYSTEM32>\tasks\microsoft\windows\sideshow\gadgetmanager
- <SYSTEM32>\tasks\microsoft\windows\shell\windowsparentalcontrols
- <SYSTEM32>\tasks\microsoft\windows\media center\pbdadiscovery.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\pbdadiscovery
- <SYSTEM32>\tasks\microsoft\windows\media center\mediacenterrecoverytask
- <SYSTEM32>\tasks\microsoft\windows\media center\mediacenterrecoverytask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\ras\mobilitymanager
- <SYSTEM32>\tasks\microsoft\windows\rac\ractask
- <SYSTEM32>\tasks\microsoft\windows\rac\ractask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\ras\mobilitymanager.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\objectstorerecoverytask
- <SYSTEM32>\tasks\microsoft\windows\power efficiency diagnostics\analyzesystem.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\objectstorerecoverytask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\ocuractivate
- <SYSTEM32>\tasks\microsoft\windows\registry\regidlebackup.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\ocuractivate.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\ocurdiscovery
- <SYSTEM32>\tasks\microsoft\windows\media center\ocurdiscovery.inprocess
- <SYSTEM32>\tasks\microsoft\windows\remoteassistance\remoteassistancetask
- <SYSTEM32>\tasks\microsoft\windows\remoteassistance\remoteassistancetask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\registry\regidlebackup
- <SYSTEM32>\tasks\microsoft\windows\media center\pvrscheduletask
- <SYSTEM32>\tasks\microsoft\windows\sideshow\systemdataproviders
- <SYSTEM32>\tasks\microsoft\windows\media center\pvrscheduletask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\sideshow\systemdataproviders.inprocess
- <SYSTEM32>\tasks\microsoft\windows\time synchronization\synchronizetime.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\updaterecordpath
- <SYSTEM32>\tasks\microsoft\windows\media center\updaterecordpath.inprocess
- <SYSTEM32>\tasks\microsoft\windows\upnp\upnphostconfig
- <SYSTEM32>\tasks\microsoft\windows\upnp\upnphostconfig.inprocess
- <SYSTEM32>\tasks\microsoft\windows\user profile service\hiveuploadtask
- <SYSTEM32>\tasks\microsoft\windows\user profile service\hiveuploadtask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\wdi\resolutionhost
- <SYSTEM32>\tasks\microsoft\windows\wdi\resolutionhost.inprocess
- <SYSTEM32>\tasks\microsoft\windows\windows error reporting\queuereporting
- <SYSTEM32>\tasks\microsoft\windows\windows error reporting\queuereporting.inprocess
- <SYSTEM32>\tasks\microsoft\windows\windows filtering platform\bfeonservicestarttypechange
- <SYSTEM32>\tasks\microsoft\windows\windows filtering platform\bfeonservicestarttypechange.inprocess
- <SYSTEM32>\tasks\microsoft\windows\windows media sharing\updatelibrary
- <SYSTEM32>\tasks\microsoft\windows\windows media sharing\updatelibrary.inprocess
- <SYSTEM32>\tasks\microsoft\windows\windowsbackup\confignotification
- <SYSTEM32>\tasks\microsoft\windows\windowsbackup\confignotification.inprocess
- <SYSTEM32>\tasks\microsoft\windows\time synchronization\synchronizetime
- <SYSTEM32>\tasks\microsoft\windows\textservicesframework\msctfmonitor.inprocess
- <SYSTEM32>\tasks\microsoft\windows\tcpip\ipaddressconflict2.inprocess
- <SYSTEM32>\tasks\microsoft\windows\tcpip\ipaddressconflict2
- <SYSTEM32>\tasks\microsoft\windows\softwareprotectionplatform\svcrestarttask
- <SYSTEM32>\tasks\microsoft\windows\softwareprotectionplatform\svcrestarttask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\recordingrestart
- <SYSTEM32>\tasks\microsoft\windows\media center\recordingrestart.inprocess
- <SYSTEM32>\tasks\microsoft\windows\systemrestore\sr
- <SYSTEM32>\tasks\microsoft\windows\systemrestore\sr.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\registersearch
- <SYSTEM32>\tasks\microsoft\windows\media center\registersearch.inprocess
- <SYSTEM32>\tasks\microsoft\windows\task manager\interactive
- <SYSTEM32>\tasks\microsoft\windows\task manager\interactive.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\reindexsearchroot
- <SYSTEM32>\tasks\microsoft\windows\media center\reindexsearchroot.inprocess
- <SYSTEM32>\tasks\microsoft\windows\tcpip\ipaddressconflict1
- <SYSTEM32>\tasks\microsoft\windows\tcpip\ipaddressconflict1.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\sqlliterecoverytask
- <SYSTEM32>\tasks\microsoft\windows\media center\sqlliterecoverytask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\textservicesframework\msctfmonitor
- <SYSTEM32>\tasks\microsoft\windows\windowscolorsystem\calibration loader
- <SYSTEM32>\tasks\microsoft\windows\power efficiency diagnostics\analyzesystem
- <SYSTEM32>\tasks\microsoft\windows\media center\mcupdate.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\mcupdate
- <SYSTEM32>\tasks\microsoft\windows\autochk\proxy
- <SYSTEM32>\tasks\microsoft\windows\autochk\proxy.inprocess
- <SYSTEM32>\tasks\microsoft\windows\application experience\programdataupdater
- <SYSTEM32>\tasks\microsoft\windows\application experience\programdataupdater.inprocess
- <SYSTEM32>\tasks\microsoft\windows\bluetooth\uninstalldevicetask
- <SYSTEM32>\tasks\microsoft\windows\bluetooth\uninstalldevicetask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\appid\verifiedpublishercertstorecheck.inprocess
- <SYSTEM32>\tasks\microsoft\windows\application experience\aitagent.inprocess
- <SYSTEM32>\tasks\microsoft\windows\certificateservicesclient\systemtask
- <SYSTEM32>\tasks\microsoft\windows\customer experience improvement program\consolidator.inprocess
- <SYSTEM32>\tasks\microsoft\windows\certificateservicesclient\usertask
- <SYSTEM32>\tasks\microsoft\windows\certificateservicesclient\usertask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\defrag\scheduleddefrag
- <SYSTEM32>\tasks\microsoft\windows\customer experience improvement program\kernelceiptask
- <SYSTEM32>\tasks\microsoft\windows\defrag\scheduleddefrag.inprocess
- <SYSTEM32>\tasks\microsoft\windows\certificateservicesclient\systemtask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\customer experience improvement program\consolidator
- <SYSTEM32>\tasks\microsoft\windows\appid\verifiedpublishercertstorecheck
- <SYSTEM32>\tasks\microsoft\windows\application experience\aitagent
- <SYSTEM32>\tasks\microsoft\windows\appid\policyconverter.inprocess
- <SYSTEM32>\tasks\!!!how_to_decrypt!!!.mht
- <SYSTEM32>\tasks\opera scheduled autoupdate 1694565166
- <SYSTEM32>\tasks\opera scheduled autoupdate 1694565166.inprocess
- <SYSTEM32>\tasks\mozilla\firefox default browser agent 308046b0af4a39cb
- <SYSTEM32>\tasks\mozilla\firefox default browser agent 308046b0af4a39cb.inprocess
- <SYSTEM32>\tasks\officesoftwareprotectionplatform\svcrestarttask
- <SYSTEM32>\tasks\officesoftwareprotectionplatform\svcrestarttask.inprocess
- <SYSTEM32>\tasks\adobe acrobat update task.inprocess
- <SYSTEM32>\tasks\microsoft\windows defender\mp scheduled scan
- <SYSTEM32>\tasks\microsoft\windows defender\mpidletask
- <SYSTEM32>\tasks\microsoft\windows defender\mpidletask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\active directory rights management services client\ad rms rights policy template management (automated)
- <SYSTEM32>\tasks\microsoft\windows\active directory rights management services client\ad rms rights policy template management (automated).inprocess
- <SYSTEM32>\tasks\microsoft\windows\active directory rights management services client\ad rms rights policy template management (manual)
- <SYSTEM32>\tasks\microsoft\windows\appid\policyconverter
- <SYSTEM32>\tasks\microsoft\windows\active directory rights management services client\ad rms rights policy template management (manual).inprocess
- <SYSTEM32>\tasks\microsoft\windows defender\mp scheduled scan.inprocess
- <SYSTEM32>\tasks\microsoft\windows\customer experience improvement program\kernelceiptask.inprocess
- <SYSTEM32>\tasks\microsoft\windows\certificateservicesclient\usertask-roam
- <SYSTEM32>\tasks\microsoft\windows\certificateservicesclient\usertask-roam.inprocess
- <SYSTEM32>\tasks\microsoft\windows\customer experience improvement program\usbceip
- <SYSTEM32>\tasks\microsoft\windows\mui\lpremove
- <SYSTEM32>\tasks\microsoft\windows\mui\lpremove.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\dispatchrecoverytasks
- <SYSTEM32>\tasks\microsoft\windows\memorydiagnostic\decompressionfailuredetector
- <SYSTEM32>\tasks\microsoft\windows\memorydiagnostic\decompressionfailuredetector.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\dispatchrecoverytasks.inprocess
- <SYSTEM32>\tasks\microsoft\windows\nettrace\gathernetworkinfo
- <SYSTEM32>\tasks\microsoft\windows\nettrace\gathernetworkinfo.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\ehdrminit
- <SYSTEM32>\tasks\microsoft\windows\media center\ehdrminit.inprocess
- <SYSTEM32>\tasks\microsoft\windows\offline files\background synchronization
- <SYSTEM32>\tasks\microsoft\windows\offline files\background synchronization.inprocess
- <SYSTEM32>\tasks\microsoft\windows\perftrack\backgroundconfigsurveyor
- <SYSTEM32>\tasks\microsoft\windows\perftrack\backgroundconfigsurveyor.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\installplayready
- <SYSTEM32>\tasks\microsoft\windows\media center\installplayready.inprocess
- <SYSTEM32>\tasks\microsoft\windows\offline files\logon synchronization
- <SYSTEM32>\tasks\microsoft\windows\multimedia\systemsoundsservice.inprocess
- <SYSTEM32>\tasks\microsoft\windows\mobilepc\hotstart
- <SYSTEM32>\tasks\microsoft\windows\mobilepc\hotstart.inprocess
- <SYSTEM32>\tasks\microsoft\windows\multimedia\systemsoundsservice
- <SYSTEM32>\tasks\microsoft\windows\customer experience improvement program\usbceip.inprocess
- <SYSTEM32>\tasks\microsoft\windows\diagnosis\scheduled
- <SYSTEM32>\tasks\microsoft\windows\diagnosis\scheduled.inprocess
- <SYSTEM32>\tasks\microsoft\windows\diskdiagnostic\microsoft-windows-diskdiagnosticdatacollector
- <SYSTEM32>\tasks\microsoft\windows\diskdiagnostic\microsoft-windows-diskdiagnosticdatacollector.inprocess
- <SYSTEM32>\tasks\microsoft\windows\location\notifications
- <SYSTEM32>\tasks\microsoft\windows\location\notifications.inprocess
- <SYSTEM32>\tasks\microsoft\windows\maintenance\winsat
- <SYSTEM32>\tasks\microsoft\windows\maintenance\winsat.inprocess
- <SYSTEM32>\tasks\microsoft\windows\diskdiagnostic\microsoft-windows-diskdiagnosticresolver
- <SYSTEM32>\tasks\microsoft\windows\diskdiagnostic\microsoft-windows-diskdiagnosticresolver.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\activatewindowssearch
- <SYSTEM32>\tasks\microsoft\windows\media center\activatewindowssearch.inprocess
- <SYSTEM32>\tasks\microsoft\windows\memorydiagnostic\corruptiondetector
- <SYSTEM32>\tasks\microsoft\windows\memorydiagnostic\corruptiondetector.inprocess
- <SYSTEM32>\tasks\microsoft\windows\media center\configureinternettimeservice
- <SYSTEM32>\tasks\microsoft\windows\media center\configureinternettimeservice.inprocess
- <SYSTEM32>\tasks\microsoft\windows\offline files\logon synchronization.inprocess
- <SYSTEM32>\tasks\microsoft\windows\windowscolorsystem\calibration loader.inprocess
- <Drive name for removable media>:\split.avi
- <Drive name for removable media>:\sdkfailsafeemulator.cer
- <Drive name for removable media>:\testee.cer.inprocess
- <Drive name for removable media>:\testee.cer
- <Drive name for removable media>:\sdksampleunprivdeveloper.cer.inprocess
- <Drive name for removable media>:\sdksampleunprivdeveloper.cer
- <Drive name for removable media>:\contosoroot.cer.inprocess
- <Drive name for removable media>:\contosoroot.cer
- <Drive name for removable media>:\sdksampleprivdeveloper.cer.inprocess
- <Drive name for removable media>:\sdksampleprivdeveloper.cer
- <Drive name for removable media>:\pmd.cer.inprocess
- <Drive name for removable media>:\pmd.cer
- <Drive name for removable media>:\contoso.cer.inprocess
- <Drive name for removable media>:\contoso.cer
- <Drive name for removable media>:\dashborder_144.bmp.inprocess
- <Drive name for removable media>:\dashborder_144.bmp
- <Drive name for removable media>:\toolbar.bmp.inprocess
- <Drive name for removable media>:\toolbar.bmp
- <Drive name for removable media>:\coffee.bmp.inprocess
- <Drive name for removable media>:\coffee.bmp
- <Drive name for removable media>:\dashborder_120.bmp.inprocess
- <Drive name for removable media>:\dashborder_120.bmp
- <Drive name for removable media>:\join.avi.inprocess
- <Drive name for removable media>:\join.avi
- <Drive name for removable media>:\correct.avi.inprocess
- <Drive name for removable media>:\correct.avi
- <Drive name for removable media>:\!!!how_to_decrypt!!!.mht
- <Drive name for removable media>:\split.avi.inprocess
- <Drive name for removable media>:\sdkfailsafeemulator.cer.inprocess
- <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc
- System Restore (SR)
- %APPDATA%\key.file
- g:\boot\sv-se\!!!how_to_decrypt!!!.mht
- g:\boot\tr-tr\!!!how_to_decrypt!!!.mht
- g:\boot\pt-pt\!!!how_to_decrypt!!!.mht
- g:\boot\ru-ru\!!!how_to_decrypt!!!.mht
- g:\boot\pt-br\!!!how_to_decrypt!!!.mht
- g:\boot\pl-pl\!!!how_to_decrypt!!!.mht
- g:\boot\zh-cn\!!!how_to_decrypt!!!.mht
- g:\boot\nl-nl\!!!how_to_decrypt!!!.mht
- g:\boot\ko-kr\!!!how_to_decrypt!!!.mht
- g:\boot\ja-jp\!!!how_to_decrypt!!!.mht
- g:\boot\it-it\!!!how_to_decrypt!!!.mht
- g:\boot\hu-hu\!!!how_to_decrypt!!!.mht
- g:\boot\fr-fr\!!!how_to_decrypt!!!.mht
- g:\boot\fi-fi\!!!how_to_decrypt!!!.mht
- g:\boot\nb-no\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\access.en-us\!!!how_to_decrypt!!!.mht
- %HOMEPATH%\favorites\windows live\!!!how_to_decrypt!!!.mht
- C:\users\public\libraries\!!!how_to_decrypt!!!.mht
- %HOMEPATH%\favorites\msn websites\!!!how_to_decrypt!!!.mht
- %HOMEPATH%\favorites\links for united states\!!!how_to_decrypt!!!.mht
- %HOMEPATH%\favorites\microsoft websites\!!!how_to_decrypt!!!.mht
- %HOMEPATH%\favorites\links\!!!how_to_decrypt!!!.mht
- C:\users\public\recorded tv\sample media\!!!how_to_decrypt!!!.mht
- C:\users\public\music\sample music\!!!how_to_decrypt!!!.mht
- g:\boot\fonts\!!!how_to_decrypt!!!.mht
- C:\users\public\pictures\sample pictures\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\!!!how_to_decrypt!!!.mht
- <SYSTEM32>\config\!!!how_to_decrypt!!!.mht
- %HOMEPATH%\searches\!!!how_to_decrypt!!!.mht
- %HOMEPATH%\contacts\!!!how_to_decrypt!!!.mht
- g:\boot\zh-hk\!!!how_to_decrypt!!!.mht
- g:\boot\zh-tw\!!!how_to_decrypt!!!.mht
- g:\boot\es-es\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- %HOMEPATH%\!!!how_to_decrypt!!!.mht
- C:\users\default\!!!how_to_decrypt!!!.mht
- %ProgramFiles%\mozilla thunderbird\!!!how_to_decrypt!!!.mht
- %ProgramFiles%\mozilla firefox\!!!how_to_decrypt!!!.mht
- g:\boot\!!!how_to_decrypt!!!.mht
- g:\bootsect.bak.inprocess
- C:\recovery\4cc8e8a4-51d2-11ee-b826-9a90d4dcffb5\!!!how_to_decrypt!!!.mht
- g:\!!!how_to_decrypt!!!.mht
- D:\!!!how_to_decrypt!!!.mht
- C:\users\public\desktop\!!!how_to_decrypt!!!.mht
- C:\!!!how_to_decrypt!!!.mht
- g:\$recycle.bin\s-1-5-21-3150914307-1777937420-491476919-1000\desktop.ini
- %HOMEPATH%\desktop\readme_lock.txt
- %HOMEPATH%\desktop\!!!how_to_decrypt!!!.mht
- C:\kms\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- g:\boot\el-gr\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- g:\boot\de-de\!!!how_to_decrypt!!!.mht
- g:\boot\da-dk\!!!how_to_decrypt!!!.mht
- g:\boot\cs-cz\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0117-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0115-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-00ba-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- g:\boot\en-us\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-00a1-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- C:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\!!!how_to_decrypt!!!.mht
- %WINDIR%\panther\!!!how_to_decrypt!!!.mht
- C:\users\public\videos\sample videos\!!!how_to_decrypt!!!.mht
- g:\bootsect.bak.1btc
- from %WINDIR%\panther\setupinfo to %WINDIR%\panther\setupinfo.inprocess
- from <SYSTEM32>\logfiles\scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e to <SYSTEM32>\logfiles\scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e.inprocess
- from <SYSTEM32>\logfiles\scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e.inprocess to <SYSTEM32>\logfiles\scm\ca4b8ff2-a4d2-4d88-a52e-3a5bdaf7f56e.1btc
- from <SYSTEM32>\logfiles\scm\cb08f6d6-1019-4ec0-82a0-ce7521e25136 to <SYSTEM32>\logfiles\scm\cb08f6d6-1019-4ec0-82a0-ce7521e25136.inprocess
- from <SYSTEM32>\logfiles\scm\cb08f6d6-1019-4ec0-82a0-ce7521e25136.inprocess to <SYSTEM32>\logfiles\scm\cb08f6d6-1019-4ec0-82a0-ce7521e25136.1btc
- from <SYSTEM32>\logfiles\scm\cb3d64bf-c0c9-45ff-bfb0-ff1a8f680186 to <SYSTEM32>\logfiles\scm\cb3d64bf-c0c9-45ff-bfb0-ff1a8f680186.inprocess
- from <SYSTEM32>\logfiles\scm\cb3d64bf-c0c9-45ff-bfb0-ff1a8f680186.inprocess to <SYSTEM32>\logfiles\scm\cb3d64bf-c0c9-45ff-bfb0-ff1a8f680186.1btc
- from <SYSTEM32>\logfiles\scm\cee64558-e1a7-4d9d-80a7-2001912be5b5 to <SYSTEM32>\logfiles\scm\cee64558-e1a7-4d9d-80a7-2001912be5b5.inprocess
- from <SYSTEM32>\logfiles\scm\cee64558-e1a7-4d9d-80a7-2001912be5b5.inprocess to <SYSTEM32>\logfiles\scm\cee64558-e1a7-4d9d-80a7-2001912be5b5.1btc
- from <SYSTEM32>\logfiles\scm\d0250f3f-6480-484f-b719-42f659ac64d5 to <SYSTEM32>\logfiles\scm\d0250f3f-6480-484f-b719-42f659ac64d5.inprocess
- from <SYSTEM32>\logfiles\scm\b0cbab43-44fc-469b-a4ce-87426761fdce to <SYSTEM32>\logfiles\scm\b0cbab43-44fc-469b-a4ce-87426761fdce.inprocess
- from <SYSTEM32>\logfiles\scm\d0250f3f-6480-484f-b719-42f659ac64d5.inprocess to <SYSTEM32>\logfiles\scm\d0250f3f-6480-484f-b719-42f659ac64d5.1btc
- from <SYSTEM32>\logfiles\scm\d292ea93-3514-4d36-8f67-8b05e1d5fafc.inprocess to <SYSTEM32>\logfiles\scm\d292ea93-3514-4d36-8f67-8b05e1d5fafc.1btc
- from <SYSTEM32>\logfiles\scm\d44c8ba6-8fb0-42da-b09f-1de8294f94bc to <SYSTEM32>\logfiles\scm\d44c8ba6-8fb0-42da-b09f-1de8294f94bc.inprocess
- from <SYSTEM32>\logfiles\scm\d44c8ba6-8fb0-42da-b09f-1de8294f94bc.inprocess to <SYSTEM32>\logfiles\scm\d44c8ba6-8fb0-42da-b09f-1de8294f94bc.1btc
- from <SYSTEM32>\logfiles\scm\d7b6e81d-3cf4-432c-84d2-24213f4316e6 to <SYSTEM32>\logfiles\scm\d7b6e81d-3cf4-432c-84d2-24213f4316e6.inprocess
- from <SYSTEM32>\logfiles\scm\d7b6e81d-3cf4-432c-84d2-24213f4316e6.inprocess to <SYSTEM32>\logfiles\scm\d7b6e81d-3cf4-432c-84d2-24213f4316e6.1btc
- from <SYSTEM32>\logfiles\scm\d848d7bf-fad9-44f7-9f4c-20b83063de64 to <SYSTEM32>\logfiles\scm\d848d7bf-fad9-44f7-9f4c-20b83063de64.inprocess
- from <SYSTEM32>\logfiles\scm\d848d7bf-fad9-44f7-9f4c-20b83063de64.inprocess to <SYSTEM32>\logfiles\scm\d848d7bf-fad9-44f7-9f4c-20b83063de64.1btc
- from <SYSTEM32>\logfiles\scm\da41de71-8431-42fb-9db0-eb64a961dead to <SYSTEM32>\logfiles\scm\da41de71-8431-42fb-9db0-eb64a961dead.inprocess
- from <SYSTEM32>\logfiles\scm\da41de71-8431-42fb-9db0-eb64a961dead.inprocess to <SYSTEM32>\logfiles\scm\da41de71-8431-42fb-9db0-eb64a961dead.1btc
- from <SYSTEM32>\logfiles\scm\c85a6737-0af5-4420-a26d-0cc507aa60a3 to <SYSTEM32>\logfiles\scm\c85a6737-0af5-4420-a26d-0cc507aa60a3.inprocess
- from <SYSTEM32>\logfiles\scm\c85a6737-0af5-4420-a26d-0cc507aa60a3.inprocess to <SYSTEM32>\logfiles\scm\c85a6737-0af5-4420-a26d-0cc507aa60a3.1btc
- from <SYSTEM32>\logfiles\scm\c153624b-5bf8-478e-b750-cbd2d47b8287.inprocess to <SYSTEM32>\logfiles\scm\c153624b-5bf8-478e-b750-cbd2d47b8287.1btc
- from <SYSTEM32>\logfiles\scm\c153624b-5bf8-478e-b750-cbd2d47b8287 to <SYSTEM32>\logfiles\scm\c153624b-5bf8-478e-b750-cbd2d47b8287.inprocess
- from <SYSTEM32>\logfiles\scm\c016366b-7126-46ca-b36b-592a3d95a60b.inprocess to <SYSTEM32>\logfiles\scm\c016366b-7126-46ca-b36b-592a3d95a60b.1btc
- from <SYSTEM32>\logfiles\scm\a65c83d2-89cb-4e55-8451-36fc63248327.inprocess to <SYSTEM32>\logfiles\scm\a65c83d2-89cb-4e55-8451-36fc63248327.1btc
- from <SYSTEM32>\logfiles\scm\a6af9377-77ce-47ab-ad7d-ec32cad0c82d to <SYSTEM32>\logfiles\scm\a6af9377-77ce-47ab-ad7d-ec32cad0c82d.inprocess
- from <SYSTEM32>\logfiles\scm\a6af9377-77ce-47ab-ad7d-ec32cad0c82d.inprocess to <SYSTEM32>\logfiles\scm\a6af9377-77ce-47ab-ad7d-ec32cad0c82d.1btc
- from <SYSTEM32>\logfiles\scm\a7c73732-9f11-4281-8d19-764d4ec9d94d to <SYSTEM32>\logfiles\scm\a7c73732-9f11-4281-8d19-764d4ec9d94d.inprocess
- from <SYSTEM32>\logfiles\scm\a7c73732-9f11-4281-8d19-764d4ec9d94d.inprocess to <SYSTEM32>\logfiles\scm\a7c73732-9f11-4281-8d19-764d4ec9d94d.1btc
- from <SYSTEM32>\catroot2\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\catdb.inprocess to <SYSTEM32>\catroot2\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\catdb.1btc
- from <SYSTEM32>\logfiles\scm\ac4e5acf-89f7-4220-ba21-81ee183975e2 to <SYSTEM32>\logfiles\scm\ac4e5acf-89f7-4220-ba21-81ee183975e2.inprocess
- from <SYSTEM32>\logfiles\scm\ac4e5acf-89f7-4220-ba21-81ee183975e2.inprocess to <SYSTEM32>\logfiles\scm\ac4e5acf-89f7-4220-ba21-81ee183975e2.1btc
- from <SYSTEM32>\logfiles\scm\ac668097-4d6b-4093-ac14-014c09dbf820 to <SYSTEM32>\logfiles\scm\ac668097-4d6b-4093-ac14-014c09dbf820.inprocess
- from <SYSTEM32>\logfiles\scm\dd9f510c-95f4-499a-90c8-bac5bc372ff4 to <SYSTEM32>\logfiles\scm\dd9f510c-95f4-499a-90c8-bac5bc372ff4.inprocess
- from <SYSTEM32>\logfiles\scm\d292ea93-3514-4d36-8f67-8b05e1d5fafc to <SYSTEM32>\logfiles\scm\d292ea93-3514-4d36-8f67-8b05e1d5fafc.inprocess
- from <SYSTEM32>\logfiles\scm\ac668097-4d6b-4093-ac14-014c09dbf820.inprocess to <SYSTEM32>\logfiles\scm\ac668097-4d6b-4093-ac14-014c09dbf820.1btc
- from <SYSTEM32>\logfiles\scm\b64c89b9-c750-44ac-8615-b9f61a39db8c to <SYSTEM32>\logfiles\scm\b64c89b9-c750-44ac-8615-b9f61a39db8c.inprocess
- from <SYSTEM32>\logfiles\scm\b64c89b9-c750-44ac-8615-b9f61a39db8c.inprocess to <SYSTEM32>\logfiles\scm\b64c89b9-c750-44ac-8615-b9f61a39db8c.1btc
- from <SYSTEM32>\logfiles\scm\b6890242-f99f-4cd5-8a68-4dcc2c027602 to <SYSTEM32>\logfiles\scm\b6890242-f99f-4cd5-8a68-4dcc2c027602.inprocess
- from <SYSTEM32>\logfiles\scm\b6890242-f99f-4cd5-8a68-4dcc2c027602.inprocess to <SYSTEM32>\logfiles\scm\b6890242-f99f-4cd5-8a68-4dcc2c027602.1btc
- from <SYSTEM32>\logfiles\scm\b7d28f2f-15f7-4bc7-80da-207f07a083b4 to <SYSTEM32>\logfiles\scm\b7d28f2f-15f7-4bc7-80da-207f07a083b4.inprocess
- from <SYSTEM32>\logfiles\scm\b7d28f2f-15f7-4bc7-80da-207f07a083b4.inprocess to <SYSTEM32>\logfiles\scm\b7d28f2f-15f7-4bc7-80da-207f07a083b4.1btc
- from <SYSTEM32>\logfiles\scm\be669c13-8165-4536-96d0-6d6c39292aae to <SYSTEM32>\logfiles\scm\be669c13-8165-4536-96d0-6d6c39292aae.inprocess
- from <SYSTEM32>\logfiles\scm\be669c13-8165-4536-96d0-6d6c39292aae.inprocess to <SYSTEM32>\logfiles\scm\be669c13-8165-4536-96d0-6d6c39292aae.1btc
- from <SYSTEM32>\logfiles\scm\c016366b-7126-46ca-b36b-592a3d95a60b to <SYSTEM32>\logfiles\scm\c016366b-7126-46ca-b36b-592a3d95a60b.inprocess
- from <SYSTEM32>\logfiles\scm\a65c83d2-89cb-4e55-8451-36fc63248327 to <SYSTEM32>\logfiles\scm\a65c83d2-89cb-4e55-8451-36fc63248327.inprocess
- from <SYSTEM32>\logfiles\scm\b0cbab43-44fc-469b-a4ce-87426761fdce.inprocess to <SYSTEM32>\logfiles\scm\b0cbab43-44fc-469b-a4ce-87426761fdce.1btc
- from <SYSTEM32>\logfiles\scm\ec376781-43f8-45d6-aace-d5f1098aa870.inprocess to <SYSTEM32>\logfiles\scm\ec376781-43f8-45d6-aace-d5f1098aa870.1btc
- from %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 to %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015.inprocess
- from <SYSTEM32>\logfiles\scm\dfe71e5e-79f3-41d2-bf54-46b9784d0be0.inprocess to <SYSTEM32>\logfiles\scm\dfe71e5e-79f3-41d2-bf54-46b9784d0be0.1btc
- from <SYSTEM32>\microsoft\protect\s-1-5-18\b889ab5d-f7d2-47ff-92a1-3ec877b7e01c.inprocess to <SYSTEM32>\microsoft\protect\s-1-5-18\b889ab5d-f7d2-47ff-92a1-3ec877b7e01c.1btc
- from <SYSTEM32>\microsoft\protect\s-1-5-18\preferred to <SYSTEM32>\microsoft\protect\s-1-5-18\preferred.inprocess
- from <SYSTEM32>\microsoft\protect\s-1-5-18\preferred.inprocess to <SYSTEM32>\microsoft\protect\s-1-5-18\preferred.1btc
- from <SYSTEM32>\microsoft\protect\s-1-5-18\user\1e582198-061f-43f1-abdf-d4e9b606b035 to <SYSTEM32>\microsoft\protect\s-1-5-18\user\1e582198-061f-43f1-abdf-d4e9b606b035.inprocess
- from <SYSTEM32>\microsoft\protect\s-1-5-18\user\1e582198-061f-43f1-abdf-d4e9b606b035.inprocess to <SYSTEM32>\microsoft\protect\s-1-5-18\user\1e582198-061f-43f1-abdf-d4e9b606b035.1btc
- from <SYSTEM32>\microsoft\protect\s-1-5-18\user\77c4ffe1-d7e7-4052-b0d2-0145a6d25ddc to <SYSTEM32>\microsoft\protect\s-1-5-18\user\77c4ffe1-d7e7-4052-b0d2-0145a6d25ddc.inprocess
- from <SYSTEM32>\microsoft\protect\s-1-5-18\user\77c4ffe1-d7e7-4052-b0d2-0145a6d25ddc.inprocess to <SYSTEM32>\microsoft\protect\s-1-5-18\user\77c4ffe1-d7e7-4052-b0d2-0145a6d25ddc.1btc
- from <SYSTEM32>\microsoft\protect\s-1-5-18\user\f22e410f-f947-4e08-8f2a-8f65df603f8d to <SYSTEM32>\microsoft\protect\s-1-5-18\user\f22e410f-f947-4e08-8f2a-8f65df603f8d.inprocess
- from <SYSTEM32>\microsoft\protect\s-1-5-18\user\f22e410f-f947-4e08-8f2a-8f65df603f8d.inprocess to <SYSTEM32>\microsoft\protect\s-1-5-18\user\f22e410f-f947-4e08-8f2a-8f65df603f8d.1btc
- from <SYSTEM32>\logfiles\scm\dd9f510c-95f4-499a-90c8-bac5bc372ff4.inprocess to <SYSTEM32>\logfiles\scm\dd9f510c-95f4-499a-90c8-bac5bc372ff4.1btc
- from <SYSTEM32>\microsoft\protect\s-1-5-18\user\preferred to <SYSTEM32>\microsoft\protect\s-1-5-18\user\preferred.inprocess
- from %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357 to %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357.inprocess
- from %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357.inprocess to %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357.1btc
- from %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357 to %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357.inprocess
- from %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357.inprocess to %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357.1btc
- from %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\7b2238aaccedc3f1ffe8e7eb5f575ec9 to %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\7b2238aaccedc3f1ffe8e7eb5f575ec9.inprocess
- from %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\7b2238aaccedc3f1ffe8e7eb5f575ec9.inprocess to %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\7b2238aaccedc3f1ffe8e7eb5f575ec9.1btc
- from %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\7b2238aaccedc3f1ffe8e7eb5f575ec9 to %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\7b2238aaccedc3f1ffe8e7eb5f575ec9.inprocess
- from %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\7b2238aaccedc3f1ffe8e7eb5f575ec9.inprocess to %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\7b2238aaccedc3f1ffe8e7eb5f575ec9.1btc
- from %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\94308059b57b3142e455b38a6eb92015 to %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\content\94308059b57b3142e455b38a6eb92015.inprocess
- from <SYSTEM32>\microsoft\protect\s-1-5-18\abdf506e-31e5-4dd0-a80f-df7f34e9085e.inprocess to <SYSTEM32>\microsoft\protect\s-1-5-18\abdf506e-31e5-4dd0-a80f-df7f34e9085e.1btc
- from <SYSTEM32>\microsoft\protect\s-1-5-18\b889ab5d-f7d2-47ff-92a1-3ec877b7e01c to <SYSTEM32>\microsoft\protect\s-1-5-18\b889ab5d-f7d2-47ff-92a1-3ec877b7e01c.inprocess
- from <SYSTEM32>\microsoft\protect\s-1-5-18\abdf506e-31e5-4dd0-a80f-df7f34e9085e to <SYSTEM32>\microsoft\protect\s-1-5-18\abdf506e-31e5-4dd0-a80f-df7f34e9085e.inprocess
- from <SYSTEM32>\microsoft\protect\s-1-5-18\3f8420f5-9196-4b40-819c-981aefcfa279.inprocess to <SYSTEM32>\microsoft\protect\s-1-5-18\3f8420f5-9196-4b40-819c-981aefcfa279.1btc
- from <SYSTEM32>\microsoft\protect\s-1-5-18\3f8420f5-9196-4b40-819c-981aefcfa279 to <SYSTEM32>\microsoft\protect\s-1-5-18\3f8420f5-9196-4b40-819c-981aefcfa279.inprocess
- from <SYSTEM32>\logfiles\scm\e0270037-d02b-4da1-bee3-2abb41002ff3.inprocess to <SYSTEM32>\logfiles\scm\e0270037-d02b-4da1-bee3-2abb41002ff3.1btc
- from <SYSTEM32>\logfiles\scm\e22a8667-f75b-4ba9-ba46-067ed4429de8 to <SYSTEM32>\logfiles\scm\e22a8667-f75b-4ba9-ba46-067ed4429de8.inprocess
- from <SYSTEM32>\logfiles\scm\e22a8667-f75b-4ba9-ba46-067ed4429de8.inprocess to <SYSTEM32>\logfiles\scm\e22a8667-f75b-4ba9-ba46-067ed4429de8.1btc
- from <SYSTEM32>\logfiles\scm\e3163c33-301d-4730-a266-5518c5ed3967 to <SYSTEM32>\logfiles\scm\e3163c33-301d-4730-a266-5518c5ed3967.inprocess
- from <SYSTEM32>\logfiles\scm\e3163c33-301d-4730-a266-5518c5ed3967.inprocess to <SYSTEM32>\logfiles\scm\e3163c33-301d-4730-a266-5518c5ed3967.1btc
- from <SYSTEM32>\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50 to <SYSTEM32>\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50.inprocess
- from <SYSTEM32>\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50.inprocess to <SYSTEM32>\logfiles\scm\eaca24ff-236c-401d-a1e7-b3d5267b8a50.1btc
- from <SYSTEM32>\logfiles\scm\eb02381f-d652-4b1c-894a-712498c62c51 to <SYSTEM32>\logfiles\scm\eb02381f-d652-4b1c-894a-712498c62c51.inprocess
- from <SYSTEM32>\logfiles\scm\eb02381f-d652-4b1c-894a-712498c62c51.inprocess to <SYSTEM32>\logfiles\scm\eb02381f-d652-4b1c-894a-712498c62c51.1btc
- from <SYSTEM32>\logfiles\scm\dfe71e5e-79f3-41d2-bf54-46b9784d0be0 to <SYSTEM32>\logfiles\scm\dfe71e5e-79f3-41d2-bf54-46b9784d0be0.inprocess
- from <SYSTEM32>\logfiles\scm\a48cabbf-24c8-4b87-b00f-9261807c3b43.inprocess to <SYSTEM32>\logfiles\scm\a48cabbf-24c8-4b87-b00f-9261807c3b43.1btc
- from <SYSTEM32>\logfiles\scm\ec376781-43f8-45d6-aace-d5f1098aa870 to <SYSTEM32>\logfiles\scm\ec376781-43f8-45d6-aace-d5f1098aa870.inprocess
- from <SYSTEM32>\logfiles\scm\ee2b4e26-7388-4e38-b892-9271b0ade0bc.inprocess to <SYSTEM32>\logfiles\scm\ee2b4e26-7388-4e38-b892-9271b0ade0bc.1btc
- from <SYSTEM32>\logfiles\scm\fa2bc0a6-8d4b-458a-85c8-2b8c72487513 to <SYSTEM32>\logfiles\scm\fa2bc0a6-8d4b-458a-85c8-2b8c72487513.inprocess
- from <SYSTEM32>\logfiles\scm\fa2bc0a6-8d4b-458a-85c8-2b8c72487513.inprocess to <SYSTEM32>\logfiles\scm\fa2bc0a6-8d4b-458a-85c8-2b8c72487513.1btc
- from <SYSTEM32>\logfiles\scm\fb3c354d-297a-4eb2-9b58-090f6361906b to <SYSTEM32>\logfiles\scm\fb3c354d-297a-4eb2-9b58-090f6361906b.inprocess
- from <SYSTEM32>\logfiles\scm\fb3c354d-297a-4eb2-9b58-090f6361906b.inprocess to <SYSTEM32>\logfiles\scm\fb3c354d-297a-4eb2-9b58-090f6361906b.1btc
- from <SYSTEM32>\logfiles\scm\fdd56c73-f0d5-41b6-b767-6effd7966428 to <SYSTEM32>\logfiles\scm\fdd56c73-f0d5-41b6-b767-6effd7966428.inprocess
- from <SYSTEM32>\logfiles\scm\fdd56c73-f0d5-41b6-b767-6effd7966428.inprocess to <SYSTEM32>\logfiles\scm\fdd56c73-f0d5-41b6-b767-6effd7966428.1btc
- from <SYSTEM32>\logfiles\scm\fe702d5e-c23e-4e35-893d-31404405e38b to <SYSTEM32>\logfiles\scm\fe702d5e-c23e-4e35-893d-31404405e38b.inprocess
- from <SYSTEM32>\logfiles\scm\fe702d5e-c23e-4e35-893d-31404405e38b.inprocess to <SYSTEM32>\logfiles\scm\fe702d5e-c23e-4e35-893d-31404405e38b.1btc
- from <SYSTEM32>\logfiles\scm\e0270037-d02b-4da1-bee3-2abb41002ff3 to <SYSTEM32>\logfiles\scm\e0270037-d02b-4da1-bee3-2abb41002ff3.inprocess
- from <SYSTEM32>\logfiles\scm\ee2b4e26-7388-4e38-b892-9271b0ade0bc to <SYSTEM32>\logfiles\scm\ee2b4e26-7388-4e38-b892-9271b0ade0bc.inprocess
- from <SYSTEM32>\microsoft\protect\s-1-5-18\user\preferred.inprocess to <SYSTEM32>\microsoft\protect\s-1-5-18\user\preferred.1btc
- from <SYSTEM32>\logfiles\scm\a48cabbf-24c8-4b87-b00f-9261807c3b43 to <SYSTEM32>\logfiles\scm\a48cabbf-24c8-4b87-b00f-9261807c3b43.inprocess
- from <SYSTEM32>\logfiles\scm\9435f817-fed2-454e-88cd-7f78fda62c48 to <SYSTEM32>\logfiles\scm\9435f817-fed2-454e-88cd-7f78fda62c48.inprocess
- from <SYSTEM32>\logfiles\scm\0ceabfc1-807f-4b9a-a7b8-7be003f67e56 to <SYSTEM32>\logfiles\scm\0ceabfc1-807f-4b9a-a7b8-7be003f67e56.inprocess
- from <SYSTEM32>\logfiles\scm\0ceabfc1-807f-4b9a-a7b8-7be003f67e56.inprocess to <SYSTEM32>\logfiles\scm\0ceabfc1-807f-4b9a-a7b8-7be003f67e56.1btc
- from <SYSTEM32>\logfiles\scm\1f7b7221-ae8f-44f3-ba82-f7d260f51964 to <SYSTEM32>\logfiles\scm\1f7b7221-ae8f-44f3-ba82-f7d260f51964.inprocess
- from <SYSTEM32>\logfiles\scm\1f7b7221-ae8f-44f3-ba82-f7d260f51964.inprocess to <SYSTEM32>\logfiles\scm\1f7b7221-ae8f-44f3-ba82-f7d260f51964.1btc
- from <SYSTEM32>\logfiles\scm\20d9d9a1-6850-4171-8428-8d975321925a to <SYSTEM32>\logfiles\scm\20d9d9a1-6850-4171-8428-8d975321925a.inprocess
- from <SYSTEM32>\logfiles\scm\20d9d9a1-6850-4171-8428-8d975321925a.inprocess to <SYSTEM32>\logfiles\scm\20d9d9a1-6850-4171-8428-8d975321925a.1btc
- from <SYSTEM32>\logfiles\scm\21e8dc7c-1165-4f13-9839-7938bf50f753 to <SYSTEM32>\logfiles\scm\21e8dc7c-1165-4f13-9839-7938bf50f753.inprocess
- from <SYSTEM32>\logfiles\scm\21e8dc7c-1165-4f13-9839-7938bf50f753.inprocess to <SYSTEM32>\logfiles\scm\21e8dc7c-1165-4f13-9839-7938bf50f753.1btc
- from <SYSTEM32>\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb to <SYSTEM32>\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb.inprocess
- from <DRIVERS>\etc\services to <DRIVERS>\etc\services.inprocess
- from <SYSTEM32>\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb.inprocess to <SYSTEM32>\logfiles\scm\2470470f-2634-478e-b181-571e98a789bb.1btc
- from <SYSTEM32>\logfiles\scm\28011108-68df-4c73-b91b-57427d501bba.inprocess to <SYSTEM32>\logfiles\scm\28011108-68df-4c73-b91b-57427d501bba.1btc
- from <SYSTEM32>\logfiles\scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c to <SYSTEM32>\logfiles\scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c.inprocess
- from <SYSTEM32>\logfiles\scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c.inprocess to <SYSTEM32>\logfiles\scm\2f57269b-1e09-4e2d-ab1e-b0fdac7d279c.1btc
- from <SYSTEM32>\logfiles\scm\33f8aceb-5d41-4518-a0b7-fcf01943e564 to <SYSTEM32>\logfiles\scm\33f8aceb-5d41-4518-a0b7-fcf01943e564.inprocess
- from <SYSTEM32>\logfiles\scm\33f8aceb-5d41-4518-a0b7-fcf01943e564.inprocess to <SYSTEM32>\logfiles\scm\33f8aceb-5d41-4518-a0b7-fcf01943e564.1btc
- from <SYSTEM32>\logfiles\scm\3e4542ee-fe0a-4407-8803-51042e151fc2 to <SYSTEM32>\logfiles\scm\3e4542ee-fe0a-4407-8803-51042e151fc2.inprocess
- from <SYSTEM32>\logfiles\scm\3e4542ee-fe0a-4407-8803-51042e151fc2.inprocess to <SYSTEM32>\logfiles\scm\3e4542ee-fe0a-4407-8803-51042e151fc2.1btc
- from <SYSTEM32>\logfiles\scm\4615dc38-0fc2-4736-9043-4bb495e34cc1 to <SYSTEM32>\logfiles\scm\4615dc38-0fc2-4736-9043-4bb495e34cc1.inprocess
- from <SYSTEM32>\logfiles\scm\4615dc38-0fc2-4736-9043-4bb495e34cc1.inprocess to <SYSTEM32>\logfiles\scm\4615dc38-0fc2-4736-9043-4bb495e34cc1.1btc
- from <SYSTEM32>\logfiles\scm\09f06bfe-a3c8-40e3-846a-6e6f4000c238 to <SYSTEM32>\logfiles\scm\09f06bfe-a3c8-40e3-846a-6e6f4000c238.inprocess
- from <SYSTEM32>\logfiles\scm\09f06bfe-a3c8-40e3-846a-6e6f4000c238.inprocess to <SYSTEM32>\logfiles\scm\09f06bfe-a3c8-40e3-846a-6e6f4000c238.1btc
- from <SYSTEM32>\logfiles\scm\09864cac-d8ef-43c3-8a09-6b1aa1d94fc7.inprocess to <SYSTEM32>\logfiles\scm\09864cac-d8ef-43c3-8a09-6b1aa1d94fc7.1btc
- from <SYSTEM32>\logfiles\scm\09864cac-d8ef-43c3-8a09-6b1aa1d94fc7 to <SYSTEM32>\logfiles\scm\09864cac-d8ef-43c3-8a09-6b1aa1d94fc7.inprocess
- from <SYSTEM32>\logfiles\scm\088482fa-65b8-4e17-9abf-1dcd48e8d373.inprocess to <SYSTEM32>\logfiles\scm\088482fa-65b8-4e17-9abf-1dcd48e8d373.1btc
- from <SYSTEM32>\config\bcd-template to <SYSTEM32>\config\bcd-template.inprocess
- from <SYSTEM32>\config\bcd-template.inprocess to <SYSTEM32>\config\bcd-template.1btc
- from <SYSTEM32>\config\components to <SYSTEM32>\config\components.inprocess
- from <SYSTEM32>\config\components.inprocess to <SYSTEM32>\config\components.1btc
- from <DRIVERS>\etc\hosts to <DRIVERS>\etc\hosts.inprocess
- from <DRIVERS>\etc\hosts.inprocess to <DRIVERS>\etc\hosts.1btc
- from <DRIVERS>\etc\networks to <DRIVERS>\etc\networks.inprocess
- from <DRIVERS>\etc\networks.inprocess to <DRIVERS>\etc\networks.1btc
- from <DRIVERS>\etc\protocol to <DRIVERS>\etc\protocol.inprocess
- from <SYSTEM32>\logfiles\scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4 to <SYSTEM32>\logfiles\scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4.inprocess
- from <SYSTEM32>\logfiles\scm\28011108-68df-4c73-b91b-57427d501bba to <SYSTEM32>\logfiles\scm\28011108-68df-4c73-b91b-57427d501bba.inprocess
- from <DRIVERS>\etc\protocol.inprocess to <DRIVERS>\etc\protocol.1btc
- from <SYSTEM32>\catroot2\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\catdb to <SYSTEM32>\catroot2\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\catdb.inprocess
- from <SYSTEM32>\logfiles\scm\00166f30-a0ee-4242-a5a2-78d7e510e671 to <SYSTEM32>\logfiles\scm\00166f30-a0ee-4242-a5a2-78d7e510e671.inprocess
- from <SYSTEM32>\logfiles\scm\00166f30-a0ee-4242-a5a2-78d7e510e671.inprocess to <SYSTEM32>\logfiles\scm\00166f30-a0ee-4242-a5a2-78d7e510e671.1btc
- from <SYSTEM32>\catroot2\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\catdb.inprocess to <SYSTEM32>\catroot2\{127d0a1d-4ef2-11d1-8608-00c04fc295ee}\catdb.1btc
- from <SYSTEM32>\logfiles\scm\0261c20d-a48a-42f1-bd19-591cacc62c2f to <SYSTEM32>\logfiles\scm\0261c20d-a48a-42f1-bd19-591cacc62c2f.inprocess
- from <SYSTEM32>\logfiles\scm\0261c20d-a48a-42f1-bd19-591cacc62c2f.inprocess to <SYSTEM32>\logfiles\scm\0261c20d-a48a-42f1-bd19-591cacc62c2f.1btc
- from <SYSTEM32>\logfiles\scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec to <SYSTEM32>\logfiles\scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec.inprocess
- from <SYSTEM32>\logfiles\scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec.inprocess to <SYSTEM32>\logfiles\scm\044a6734-e90e-4f8f-b357-b2dc8ab3b5ec.1btc
- from <SYSTEM32>\logfiles\scm\088482fa-65b8-4e17-9abf-1dcd48e8d373 to <SYSTEM32>\logfiles\scm\088482fa-65b8-4e17-9abf-1dcd48e8d373.inprocess
- from %WINDIR%\panther\setupinfo.inprocess to %WINDIR%\panther\setupinfo.1btc
- from <DRIVERS>\etc\services.inprocess to <DRIVERS>\etc\services.1btc
- from <SYSTEM32>\logfiles\scm\5c0aeeea-c154-45be-8499-bea5f11baff6 to <SYSTEM32>\logfiles\scm\5c0aeeea-c154-45be-8499-bea5f11baff6.inprocess
- from <SYSTEM32>\logfiles\scm\a478c694-6f21-45ea-b190-333c9222b9cb to <SYSTEM32>\logfiles\scm\a478c694-6f21-45ea-b190-333c9222b9cb.inprocess
- from <SYSTEM32>\logfiles\scm\486d715e-6aa2-44cf-bc48-b6990cbb53c6.inprocess to <SYSTEM32>\logfiles\scm\486d715e-6aa2-44cf-bc48-b6990cbb53c6.1btc
- from <SYSTEM32>\logfiles\scm\753c47ae-ec5e-44b3-95a9-2c8e553f0e39 to <SYSTEM32>\logfiles\scm\753c47ae-ec5e-44b3-95a9-2c8e553f0e39.inprocess
- from <SYSTEM32>\logfiles\scm\753c47ae-ec5e-44b3-95a9-2c8e553f0e39.inprocess to <SYSTEM32>\logfiles\scm\753c47ae-ec5e-44b3-95a9-2c8e553f0e39.1btc
- from <SYSTEM32>\logfiles\scm\7878fb06-b9d8-47c0-8c16-177a96fbbbde to <SYSTEM32>\logfiles\scm\7878fb06-b9d8-47c0-8c16-177a96fbbbde.inprocess
- from <SYSTEM32>\logfiles\scm\7878fb06-b9d8-47c0-8c16-177a96fbbbde.inprocess to <SYSTEM32>\logfiles\scm\7878fb06-b9d8-47c0-8c16-177a96fbbbde.1btc
- from <SYSTEM32>\logfiles\scm\796049aa-7d7b-4e06-9573-86488ce75919 to <SYSTEM32>\logfiles\scm\796049aa-7d7b-4e06-9573-86488ce75919.inprocess
- from <SYSTEM32>\logfiles\scm\796049aa-7d7b-4e06-9573-86488ce75919.inprocess to <SYSTEM32>\logfiles\scm\796049aa-7d7b-4e06-9573-86488ce75919.1btc
- from <SYSTEM32>\logfiles\scm\7afcc0ca-7121-422a-ab45-b0e8d599ff08 to <SYSTEM32>\logfiles\scm\7afcc0ca-7121-422a-ab45-b0e8d599ff08.inprocess
- from <SYSTEM32>\logfiles\scm\7afcc0ca-7121-422a-ab45-b0e8d599ff08.inprocess to <SYSTEM32>\logfiles\scm\7afcc0ca-7121-422a-ab45-b0e8d599ff08.1btc
- from <SYSTEM32>\logfiles\scm\81540b9f-b5bf-47eb-9c95-be195bf2c664 to <SYSTEM32>\logfiles\scm\81540b9f-b5bf-47eb-9c95-be195bf2c664.inprocess
- from <SYSTEM32>\logfiles\scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4.inprocess to <SYSTEM32>\logfiles\scm\47536d45-eeec-4bdc-8183-a4dc1f8da9e4.1btc
- from <SYSTEM32>\logfiles\scm\81540b9f-b5bf-47eb-9c95-be195bf2c664.inprocess to <SYSTEM32>\logfiles\scm\81540b9f-b5bf-47eb-9c95-be195bf2c664.1btc
- from <SYSTEM32>\logfiles\scm\9435f817-fed2-454e-88cd-7f78fda62c48.inprocess to <SYSTEM32>\logfiles\scm\9435f817-fed2-454e-88cd-7f78fda62c48.1btc
- from <SYSTEM32>\logfiles\scm\994c86ad-a929-4b2c-88a0-4e25a107a029 to <SYSTEM32>\logfiles\scm\994c86ad-a929-4b2c-88a0-4e25a107a029.inprocess
- from <SYSTEM32>\logfiles\scm\994c86ad-a929-4b2c-88a0-4e25a107a029.inprocess to <SYSTEM32>\logfiles\scm\994c86ad-a929-4b2c-88a0-4e25a107a029.1btc
- from <SYSTEM32>\logfiles\scm\9979cb83-103a-4105-9e5d-c74b0af6d198 to <SYSTEM32>\logfiles\scm\9979cb83-103a-4105-9e5d-c74b0af6d198.inprocess
- from <SYSTEM32>\logfiles\scm\9979cb83-103a-4105-9e5d-c74b0af6d198.inprocess to <SYSTEM32>\logfiles\scm\9979cb83-103a-4105-9e5d-c74b0af6d198.1btc
- from <SYSTEM32>\logfiles\scm\99a6a4cf-6729-4c3a-bd5d-650668e121f5 to <SYSTEM32>\logfiles\scm\99a6a4cf-6729-4c3a-bd5d-650668e121f5.inprocess
- from <SYSTEM32>\logfiles\scm\99a6a4cf-6729-4c3a-bd5d-650668e121f5.inprocess to <SYSTEM32>\logfiles\scm\99a6a4cf-6729-4c3a-bd5d-650668e121f5.1btc
- from <SYSTEM32>\logfiles\scm\a35bb7a6-5f0c-4c9f-8450-2b3bed532d51 to <SYSTEM32>\logfiles\scm\a35bb7a6-5f0c-4c9f-8450-2b3bed532d51.inprocess
- from <SYSTEM32>\logfiles\scm\a35bb7a6-5f0c-4c9f-8450-2b3bed532d51.inprocess to <SYSTEM32>\logfiles\scm\a35bb7a6-5f0c-4c9f-8450-2b3bed532d51.1btc
- from <SYSTEM32>\logfiles\scm\72db7465-bc54-491b-a92a-4637a28c9bbf to <SYSTEM32>\logfiles\scm\72db7465-bc54-491b-a92a-4637a28c9bbf.inprocess
- from <SYSTEM32>\logfiles\scm\72db7465-bc54-491b-a92a-4637a28c9bbf.inprocess to <SYSTEM32>\logfiles\scm\72db7465-bc54-491b-a92a-4637a28c9bbf.1btc
- from <SYSTEM32>\logfiles\scm\695a2fb8-0867-4d9b-9df8-686f409aaca9.inprocess to <SYSTEM32>\logfiles\scm\695a2fb8-0867-4d9b-9df8-686f409aaca9.1btc
- from <SYSTEM32>\logfiles\scm\695a2fb8-0867-4d9b-9df8-686f409aaca9 to <SYSTEM32>\logfiles\scm\695a2fb8-0867-4d9b-9df8-686f409aaca9.inprocess
- from <SYSTEM32>\logfiles\scm\6738ba6e-ea75-4b6b-b8b8-71f0336dd8ef.inprocess to <SYSTEM32>\logfiles\scm\6738ba6e-ea75-4b6b-b8b8-71f0336dd8ef.1btc
- from <SYSTEM32>\logfiles\scm\4bc45b66-8a54-43f9-a00a-55a0c50957cd.inprocess to <SYSTEM32>\logfiles\scm\4bc45b66-8a54-43f9-a00a-55a0c50957cd.1btc
- from <SYSTEM32>\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7 to <SYSTEM32>\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7.inprocess
- from <SYSTEM32>\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7.inprocess to <SYSTEM32>\logfiles\scm\4c8b01a2-11ff-4c41-848f-508ef4f00cf7.1btc
- from <SYSTEM32>\logfiles\scm\4d56425e-6729-4b22-8e87-9cf5a35d6c13 to <SYSTEM32>\logfiles\scm\4d56425e-6729-4b22-8e87-9cf5a35d6c13.inprocess
- from <SYSTEM32>\logfiles\scm\4d56425e-6729-4b22-8e87-9cf5a35d6c13.inprocess to <SYSTEM32>\logfiles\scm\4d56425e-6729-4b22-8e87-9cf5a35d6c13.1btc
- from <SYSTEM32>\catroot2\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\catdb to <SYSTEM32>\catroot2\{f750e6c3-38ee-11d1-85e5-00c04fc295ee}\catdb.inprocess
- from <SYSTEM32>\logfiles\scm\5a40e926-9e86-4b89-9cfd-b12311724371 to <SYSTEM32>\logfiles\scm\5a40e926-9e86-4b89-9cfd-b12311724371.inprocess
- from <SYSTEM32>\logfiles\scm\5a40e926-9e86-4b89-9cfd-b12311724371.inprocess to <SYSTEM32>\logfiles\scm\5a40e926-9e86-4b89-9cfd-b12311724371.1btc
- from <SYSTEM32>\logfiles\scm\5b42dd9c-5a26-4f27-bb95-34603f0997e5 to <SYSTEM32>\logfiles\scm\5b42dd9c-5a26-4f27-bb95-34603f0997e5.inprocess
- from <SYSTEM32>\logfiles\scm\486d715e-6aa2-44cf-bc48-b6990cbb53c6 to <SYSTEM32>\logfiles\scm\486d715e-6aa2-44cf-bc48-b6990cbb53c6.inprocess
- from <SYSTEM32>\logfiles\scm\a478c694-6f21-45ea-b190-333c9222b9cb.inprocess to <SYSTEM32>\logfiles\scm\a478c694-6f21-45ea-b190-333c9222b9cb.1btc
- from <SYSTEM32>\logfiles\scm\5b42dd9c-5a26-4f27-bb95-34603f0997e5.inprocess to <SYSTEM32>\logfiles\scm\5b42dd9c-5a26-4f27-bb95-34603f0997e5.1btc
- from <SYSTEM32>\logfiles\scm\5f5a18eb-dc73-4e45-a11c-b59043598412 to <SYSTEM32>\logfiles\scm\5f5a18eb-dc73-4e45-a11c-b59043598412.inprocess
- from <SYSTEM32>\logfiles\scm\5f5a18eb-dc73-4e45-a11c-b59043598412.inprocess to <SYSTEM32>\logfiles\scm\5f5a18eb-dc73-4e45-a11c-b59043598412.1btc
- from <SYSTEM32>\logfiles\scm\613612ba-897d-44ce-8dc1-8fc283f9fd51 to <SYSTEM32>\logfiles\scm\613612ba-897d-44ce-8dc1-8fc283f9fd51.inprocess
- from <SYSTEM32>\logfiles\scm\613612ba-897d-44ce-8dc1-8fc283f9fd51.inprocess to <SYSTEM32>\logfiles\scm\613612ba-897d-44ce-8dc1-8fc283f9fd51.1btc
- from <SYSTEM32>\logfiles\scm\6238a7ba-faf1-47c3-a342-fad3f9cf7c35 to <SYSTEM32>\logfiles\scm\6238a7ba-faf1-47c3-a342-fad3f9cf7c35.inprocess
- from <SYSTEM32>\logfiles\scm\6238a7ba-faf1-47c3-a342-fad3f9cf7c35.inprocess to <SYSTEM32>\logfiles\scm\6238a7ba-faf1-47c3-a342-fad3f9cf7c35.1btc
- from <SYSTEM32>\logfiles\scm\66ac8a2f-fde7-49cf-a90a-02be56721d7c to <SYSTEM32>\logfiles\scm\66ac8a2f-fde7-49cf-a90a-02be56721d7c.inprocess
- from <SYSTEM32>\logfiles\scm\66ac8a2f-fde7-49cf-a90a-02be56721d7c.inprocess to <SYSTEM32>\logfiles\scm\66ac8a2f-fde7-49cf-a90a-02be56721d7c.1btc
- from <SYSTEM32>\logfiles\scm\6738ba6e-ea75-4b6b-b8b8-71f0336dd8ef to <SYSTEM32>\logfiles\scm\6738ba6e-ea75-4b6b-b8b8-71f0336dd8ef.inprocess
- from <SYSTEM32>\logfiles\scm\4bc45b66-8a54-43f9-a00a-55a0c50957cd to <SYSTEM32>\logfiles\scm\4bc45b66-8a54-43f9-a00a-55a0c50957cd.inprocess
- from <SYSTEM32>\logfiles\scm\5c0aeeea-c154-45be-8499-bea5f11baff6.inprocess to <SYSTEM32>\logfiles\scm\5c0aeeea-c154-45be-8499-bea5f11baff6.1btc
- from %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015.inprocess to %WINDIR%\syswow64\config\systemprofile\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015.1btc
- from g:\bootsect.bak.inprocess to g:\bootsect.bak.1btc
- from %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\preferred.inprocess to %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\preferred.1btc
- from %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\preferred to %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\preferred.inprocess
- from %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\982d7f0f-81cf-4547-a13c-a5c6ca1b520c.inprocess to %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\982d7f0f-81cf-4547-a13c-a5c6ca1b520c.1btc
- from %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\982d7f0f-81cf-4547-a13c-a5c6ca1b520c to %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\982d7f0f-81cf-4547-a13c-a5c6ca1b520c.inprocess
- from %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\51da22b7-9513-4885-adb9-cd2e72f47f0a.inprocess to %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\51da22b7-9513-4885-adb9-cd2e72f47f0a.1btc
- from %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\51da22b7-9513-4885-adb9-cd2e72f47f0a to %APPDATA%\microsoft\protect\s-1-5-21-3150914307-1777937420-491476919-1000\51da22b7-9513-4885-adb9-cd2e72f47f0a.inprocess
- from %APPDATA%\mozilla\firefox\crash reports\installtime20200708170202.inprocess to %APPDATA%\mozilla\firefox\crash reports\installtime20200708170202.1btc
- from %APPDATA%\mozilla\firefox\crash reports\installtime20200708170202 to %APPDATA%\mozilla\firefox\crash reports\installtime20200708170202.inprocess
- from %APPDATA%\thunderbird\crash reports\installtime20210406220621.inprocess to %APPDATA%\thunderbird\crash reports\installtime20210406220621.1btc
- from %APPDATA%\thunderbird\crash reports\installtime20210406220621 to %APPDATA%\thunderbird\crash reports\installtime20210406220621.inprocess
- from %APPDATA%\microsoft\crypto\rsa\s-1-5-21-3150914307-1777937420-491476919-1000\f58155b4b1d5a524ca0261c3ee99fb50_d99ef00b-ccd3-4f1d-9980-90ac453b0b47 to %APPDATA%\microsoft\crypto\rsa\s-1-5-21-3150914307-1777937420-491476919-1000\f58155b4b1d5a524ca0261c3ee99fb50_d99ef00b-ccd3-4f1d-9980-90ac453b0b47.inprocess
- from %APPDATA%\microsoft\protect\credhist.inprocess to %APPDATA%\microsoft\protect\credhist.1btc
- from %TEMP%\tmpaddon.inprocess to %TEMP%\tmpaddon.1btc
- from %TEMP%\tmpaddon to %TEMP%\tmpaddon.inprocess
- from %ProgramFiles%\mozilla thunderbird\removed-files.inprocess to %ProgramFiles%\mozilla thunderbird\removed-files.1btc
- from %ProgramFiles%\mozilla thunderbird\removed-files to %ProgramFiles%\mozilla thunderbird\removed-files.inprocess
- from %ProgramFiles%\mozilla thunderbird\precomplete.inprocess to %ProgramFiles%\mozilla thunderbird\precomplete.1btc
- from %ProgramFiles%\mozilla thunderbird\precomplete to %ProgramFiles%\mozilla thunderbird\precomplete.inprocess
- from %ProgramFiles%\mozilla firefox\removed-files.inprocess to %ProgramFiles%\mozilla firefox\removed-files.1btc
- from %ProgramFiles%\mozilla firefox\removed-files to %ProgramFiles%\mozilla firefox\removed-files.inprocess
- from %ProgramFiles%\mozilla firefox\precomplete.inprocess to %ProgramFiles%\mozilla firefox\precomplete.1btc
- from %ProgramFiles%\mozilla firefox\precomplete to %ProgramFiles%\mozilla firefox\precomplete.inprocess
- from %APPDATA%\microsoft\protect\credhist to %APPDATA%\microsoft\protect\credhist.inprocess
- from %APPDATA%\microsoft\crypto\rsa\s-1-5-21-3150914307-1777937420-491476919-1000\f58155b4b1d5a524ca0261c3ee99fb50_d99ef00b-ccd3-4f1d-9980-90ac453b0b47.inprocess to %APPDATA%\microsoft\crypto\rsa\s-1-5-21-3150914307-1777937420-491476919-1000\f58155b4b1d5a524ca0261c3ee99fb50_d99ef00b-ccd3-4f1d-9980-90ac453b0b47.1btc
- <Drive name for removable media>:\split.avi.inprocess
- C:\recovery\4cc8e8a4-51d2-11ee-b826-9a90d4dcffb5\winre.wim.inprocess
- C:\users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.inprocess
- C:\users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.inprocess
- C:\users\default\ntuser.dat.log1.inprocess
- C:\recovery\4cc8e8a4-51d2-11ee-b826-9a90d4dcffb5\boot.sdi.inprocess
- C:\users\default\ntuser.dat.log.inprocess
- <Drive name for removable media>:\uep_form_786_bulletin_1726i602.doc.inprocess
- <Drive name for removable media>:\sdkfailsafeemulator.cer.inprocess
- <Drive name for removable media>:\testee.cer.inprocess
- %ProgramFiles%\mozilla thunderbird\removed-files.inprocess
- %ProgramFiles%\mozilla thunderbird\precomplete.inprocess
- <Drive name for removable media>:\sdksampleunprivdeveloper.cer.inprocess
- <Drive name for removable media>:\contosoroot.cer.inprocess
- %ProgramFiles%\mozilla firefox\removed-files.inprocess
- <Drive name for removable media>:\sdksampleprivdeveloper.cer.inprocess
- %ProgramFiles%\mozilla firefox\precomplete.inprocess
- <Drive name for removable media>:\pmd.cer.inprocess
- <Drive name for removable media>:\contoso.cer.inprocess
- <Drive name for removable media>:\dashborder_144.bmp.inprocess
- <Drive name for removable media>:\toolbar.bmp.inprocess
- <Drive name for removable media>:\coffee.bmp.inprocess
- <Drive name for removable media>:\dashborder_120.bmp.inprocess
- C:\kms\kms_vl_all_aio_debug.log.inprocess
- <Drive name for removable media>:\join.avi.inprocess
- <Drive name for removable media>:\correct.avi.inprocess
- C:\kms\kms_vl_all_aio.cmd.inprocess
- D:\install.log.inprocess
- C:\users\default\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.inprocess
- C:\msocache\all users\{90140000-0011-0000-1000-0000000ff1ce}-c\office32ww.msi.inprocess
- %LOCALAPPDATA%\Google\Chrome\User Data\First Run
- %LOCALAPPDATA%\Microsoft\Feeds Cache\15IVKCR3\fwlink[1]
- %LOCALAPPDATA%\Microsoft\Feeds Cache\15IVKCR3\fwlink[2]
- %LOCALAPPDATA%\Microsoft\Feeds Cache\6FWA5FTW\fwlink[1]
- %LOCALAPPDATA%\Microsoft\Feeds Cache\BBS9HW0E\fwlink[1]
- %LOCALAPPDATA%\Microsoft\Feeds Cache\XWTAFHNG\fwlink[1]
- %LOCALAPPDATA%\Microsoft\Feeds Cache\XWTAFHNG\fwlink[2]
- %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extension Rules\LOCK
- %LOCALAPPDATA%\Google\Chrome\User Data\Default\Session Storage\LOCK
- %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extension State\LOCK
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=c: /on=c: /maxsize=401MB
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=c: /on=c: /maxsize=unbounded
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=d: /on=d: /maxsize=401MB
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=d: /on=d: /maxsize=unbounded
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=e: /on=e: /maxsize=401MB
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=e: /on=e: /maxsize=unbounded
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=f: /on=f: /maxsize=401MB
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=f: /on=f: /maxsize=unbounded
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=g: /on=g: /maxsize=401MB
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=g: /on=g: /maxsize=unbounded
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=h: /on=h: /maxsize=401MB
- '<SYSTEM32>\vssadmin.exe' Resize ShadowStorage /for=h: /on=h: /maxsize=unbounded
- '<SYSTEM32>\bcdedit.exe' /set {default} bootstatuspolicy ignoreallfailures
- '<SYSTEM32>\wbadmin.exe' DELETE SYSTEMSTATEBACKUP
- '<SYSTEM32>\wbadmin.exe' DELETE SYSTEMSTATEBACKUP -deleteOldest
- '<SYSTEM32>\wbem\wmic.exe' SHADOWCOPY /nointeractive