Hunt Log - Windows Persistencies

1.  
2. ArtifactCollectorFlow
3. Artifact data collection InternetExplorerBrowserHelperObjects completed successfully in flow ArtifactCollectorFlow with 13 responses
4. 2018-02-23 18:45:44 UTC
5.  
6.  
7. ArtifactCollectorFlow
8. Artifact WindowsAlternateShell data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\System\\\\CurrentControlSet\\\\Control\\\\SafeBoot\\\\Option\\\\UseAlternateShell'\n pathtype : REGISTRY\n}" network_bytes_sent : 308 status : IOERROR }.
9. 2018-02-23 18:45:44 UTC
10.  
11.  
12. ArtifactCollectorFlow
13. Artifact data collection WindowsAlternateShell completed successfully in flow ArtifactCollectorFlow with 1 responses
14. 2018-02-23 18:45:44 UTC
15.  
16.  
17. ArtifactCollectorFlow
18. Artifact data collection WindowsAppCertDLLs completed successfully in flow ArtifactCollectorFlow with 0 responses
19. 2018-02-23 18:45:44 UTC
20.  
21.  
22. ArtifactCollectorFlow
23. Artifact data collection WindowsAppInitDLLs completed successfully in flow ArtifactCollectorFlow with 1 responses
24. 2018-02-23 18:45:44 UTC
25.  
26.  
27. ArtifactCollectorFlow
28. Artifact WindowsAppInitDLLs data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\AppInit_DLLs'\n pathtype : REGISTRY\n}" network_bytes_sent : 376 status : IOERROR }.
29. 2018-02-23 18:45:44 UTC
30.  
31.  
32. ArtifactCollectorFlow
33. Artifact WindowsAppInitDLLs data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\AppInit_DLLs'\n pathtype : REGISTRY\n}" network_bytes_sent : 347 status : IOERROR }.
34. 2018-02-23 18:45:44 UTC
35.  
36.  
37. ArtifactCollectorFlow
38. Artifact WindowsAppInitDLLs data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\AppInit_DLLs'\n pathtype : REGISTRY\n}" network_bytes_sent : 359 status : IOERROR }.
39. 2018-02-23 18:45:44 UTC
40.  
41.  
42. ArtifactCollectorFlow
43. Artifact data collection WindowsAppInitDLLs completed successfully in flow ArtifactCollectorFlow with 1 responses
44. 2018-02-23 18:45:44 UTC
45.  
46.  
47. ArtifactCollectorFlow
48. Artifact WindowsAppInitDLLs data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\AppInit_DLLs'\n pathtype : REGISTRY\n}" network_bytes_sent : 363 status : IOERROR }.
49. 2018-02-23 18:45:44 UTC
50.  
51.  
52. ArtifactCollectorFlow
53. Artifact WindowsAppInitDLLs data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\AppInit_DLLs'\n pathtype : REGISTRY\n}" network_bytes_sent : 346 status : IOERROR }.
54. 2018-02-23 18:45:44 UTC
55.  
56.  
57. ArtifactCollectorFlow
58. Artifact WindowsAppInitDLLs data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\AppInit_DLLs'\n pathtype : REGISTRY\n}" network_bytes_sent : 360 status : IOERROR }.
59. 2018-02-23 18:45:44 UTC
60.  
61.  
62. ArtifactCollectorFlow
63. Artifact WindowsBootVerificationProgram data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\System\\\\CurrentControlSet\\\\Control\\\\BootVerificationProgram\\\\ImagePath'\n pathtype : REGISTRY\n}" network_bytes_sent : 307 status : IOERROR }.
64. 2018-02-23 18:45:44 UTC
65.  
66.  
67. ArtifactCollectorFlow
68. Artifact WindowsCommandProcessorAutoRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Command Processor\\\\AutoRun'\n pathtype : REGISTRY\n}" network_bytes_sent : 337 status : IOERROR }.
69. 2018-02-23 18:45:44 UTC
70.  
71.  
72. ArtifactCollectorFlow
73. Artifact WindowsCommandProcessorAutoRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.03125 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Command Processor\\\\AutoRun'\n pathtype : REGISTRY\n}" network_bytes_sent : 297 status : IOERROR }.
74. 2018-02-23 18:45:44 UTC
75.  
76.  
77. ArtifactCollectorFlow
78. Artifact WindowsCommandProcessorAutoRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Command Processor\\\\AutoRun'\n pathtype : REGISTRY\n}" network_bytes_sent : 323 status : IOERROR }.
79. 2018-02-23 18:45:44 UTC
80.  
81.  
82. ArtifactCollectorFlow
83. Artifact WindowsCommandProcessorAutoRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Command Processor\\\\AutoRun'\n pathtype : REGISTRY\n}" network_bytes_sent : 340 status : IOERROR }.
84. 2018-02-23 18:45:44 UTC
85.  
86.  
87. ArtifactCollectorFlow
88. Artifact WindowsCommandProcessorAutoRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Command Processor\\\\AutoRun'\n pathtype : REGISTRY\n}" network_bytes_sent : 284 status : IOERROR }.
89. 2018-02-23 18:45:44 UTC
90.  
91.  
92. ArtifactCollectorFlow
93. Artifact WindowsCommandProcessorAutoRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Command Processor\\\\AutoRun'\n pathtype : REGISTRY\n}" network_bytes_sent : 336 status : IOERROR }.
94. 2018-02-23 18:45:44 UTC
95.  
96.  
97. ArtifactCollectorFlow
98. Artifact WindowsCommandProcessorAutoRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Command Processor\\\\AutoRun'\n pathtype : REGISTRY\n}" network_bytes_sent : 353 status : IOERROR }.
99. 2018-02-23 18:45:44 UTC
100.  
101.  
102. ArtifactCollectorFlow
103. Artifact WindowsCommandProcessorAutoRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Command Processor\\\\AutoRun'\n pathtype : REGISTRY\n}" network_bytes_sent : 324 status : IOERROR }.
104. 2018-02-23 18:45:44 UTC
105.  
106.  
107. ArtifactCollectorFlow
108. Artifact data collection WindowsCredentialProviderFilters completed successfully in flow ArtifactCollectorFlow with 3 responses
109. 2018-02-23 18:45:44 UTC
110.  
111.  
112. ArtifactCollectorFlow
113. Artifact data collection WindowsCredentialProviders completed successfully in flow ArtifactCollectorFlow with 35 responses
114. 2018-02-23 18:45:57 UTC
115.  
116.  
117. FileFinder
118. Found and processed 1 files.
119. 2018-02-23 18:46:02 UTC
120.  
121.  
122. ArtifactCollectorFlow
123. Artifact data collection WindowsDebugger completed successfully in flow ArtifactCollectorFlow with 0 responses
124. 2018-02-23 18:46:02 UTC
125.  
126.  
127. ArtifactCollectorFlow
128. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Environment\\\\UserInitLogonScript'\n pathtype : REGISTRY\n}" network_bytes_sent : 309 status : IOERROR }.
129. 2018-02-23 18:46:02 UTC
130.  
131.  
132. ArtifactCollectorFlow
133. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Environment\\\\UserMprLogonScript'\n pathtype : REGISTRY\n}" network_bytes_sent : 324 status : IOERROR }.
134. 2018-02-23 18:46:02 UTC
135.  
136.  
137. ArtifactCollectorFlow
138. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Environment\\\\UserMprLogonScript'\n pathtype : REGISTRY\n}" network_bytes_sent : 307 status : IOERROR }.
139. 2018-02-23 18:46:02 UTC
140.  
141.  
142. ArtifactCollectorFlow
143. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Environment\\\\UserInitLogonServer'\n pathtype : REGISTRY\n}" network_bytes_sent : 309 status : IOERROR }.
144. 2018-02-23 18:46:02 UTC
145.  
146.  
147. ArtifactCollectorFlow
148. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Environment\\\\UserInitLogonScript'\n pathtype : REGISTRY\n}" network_bytes_sent : 308 status : IOERROR }.
149. 2018-02-23 18:46:02 UTC
150.  
151.  
152. ArtifactCollectorFlow
153. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Environment\\\\UserInitLogonScript'\n pathtype : REGISTRY\n}" network_bytes_sent : 325 status : IOERROR }.
154. 2018-02-23 18:46:02 UTC
155.  
156.  
157. ArtifactCollectorFlow
158. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Environment\\\\UserMprLogonScript'\n pathtype : REGISTRY\n}" network_bytes_sent : 308 status : IOERROR }.
159. 2018-02-23 18:46:02 UTC
160.  
161.  
162. ArtifactCollectorFlow
163. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Environment\\\\UserInitLogonServer'\n pathtype : REGISTRY\n}" network_bytes_sent : 308 status : IOERROR }.
164. 2018-02-23 18:46:02 UTC
165.  
166.  
167. ArtifactCollectorFlow
168. Artifact WindowsEnvironmentUserLoginScripts data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Environment\\\\UserInitLogonServer'\n pathtype : REGISTRY\n}" network_bytes_sent : 325 status : IOERROR }.
169. 2018-02-23 18:46:02 UTC
170.  
171.  
172. ArtifactCollectorFlow
173. Artifact data collection WindowsExplorerAutoplayHandlers completed successfully in flow ArtifactCollectorFlow with 21 responses
174. 2018-02-23 18:46:02 UTC
175.  
176.  
177. ArtifactCollectorFlow
178. Artifact data collection WindowsFileTypeAutorunAssociations completed successfully in flow ArtifactCollectorFlow with 856 responses
179. 2018-02-23 18:46:03 UTC
180.  
181.  
182. ArtifactCollectorFlow
183. Artifact WindowsLSAAuthenticationPackages data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\System\\\\CurrentControlSet\\\\Control\\\\Lsa\\\\OSConfig\\\\Authentication Packages'\n pathtype : REGISTRY\n}" network_bytes_sent : 311 status : IOERROR }.
184. 2018-02-23 18:46:03 UTC
185.  
186.  
187. ArtifactCollectorFlow
188. Artifact data collection WindowsLSAAuthenticationPackages completed successfully in flow ArtifactCollectorFlow with 1 responses
189. 2018-02-23 18:46:03 UTC
190.  
191.  
192. ArtifactCollectorFlow
193. Artifact data collection WindowsLSANotificationPackages completed successfully in flow ArtifactCollectorFlow with 1 responses
194. 2018-02-23 18:46:03 UTC
195.  
196.  
197. ArtifactCollectorFlow
198. Artifact WindowsLSANotificationPackages data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\System\\\\CurrentControlSet\\\\Control\\\\Lsa\\\\OSConfig\\\\Notification Packages'\n pathtype : REGISTRY\n}" network_bytes_sent : 309 status : IOERROR }.
199. 2018-02-23 18:46:03 UTC
200.  
201.  
202. ArtifactCollectorFlow
203. Artifact data collection WindowsLSASecurityPackages completed successfully in flow ArtifactCollectorFlow with 1 responses
204. 2018-02-23 18:46:03 UTC
205.  
206.  
207. ArtifactCollectorFlow
208. Artifact data collection WindowsLSASecurityPackages completed successfully in flow ArtifactCollectorFlow with 1 responses
209. 2018-02-23 18:46:03 UTC
210.  
211.  
212. ArtifactCollectorFlow
213. Artifact data collection WindowsMSDTCDLLs completed successfully in flow ArtifactCollectorFlow with 6 responses
214. 2018-02-23 18:46:03 UTC
215.  
216.  
217. ArtifactCollectorFlow
218. Artifact data collection WindowsMultiMediaDrivers completed successfully in flow ArtifactCollectorFlow with 56 responses
219. 2018-02-23 18:46:03 UTC
220.  
221.  
222. ArtifactCollectorFlow
223. Artifact data collection WindowsNetworkShellHelpers completed successfully in flow ArtifactCollectorFlow with 2 responses
224. 2018-02-23 18:46:03 UTC
225.  
226.  
227. ArtifactCollectorFlow
228. Artifact data collection WindowsPLAPProviders completed successfully in flow ArtifactCollectorFlow with 2 responses
229. 2018-02-23 18:46:33 UTC
230.  
231.  
232. ArtifactCollectorFlow
233. Artifact data collection WindowsPrintMonitors completed successfully in flow ArtifactCollectorFlow with 8 responses
234. 2018-02-23 18:46:33 UTC
235.  
236.  
237. ArtifactCollectorFlow
238. Artifact data collection WindowsRunKeys completed successfully in flow ArtifactCollectorFlow with 25 responses
239. 2018-02-23 18:46:33 UTC
240.  
241.  
242. ArtifactCollectorFlow
243. Artifact data collection WindowsRunServices completed successfully in flow ArtifactCollectorFlow with 0 responses
244. 2018-02-23 18:46:33 UTC
245.  
246.  
247. ArtifactCollectorFlow
248. Artifact WindowsScreenSaverExecutable data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\Control Panel\\\\Desktop\\\\scrnsave.exe'\n pathtype : REGISTRY\n}" network_bytes_sent : 369 status : IOERROR }.
249. 2018-02-23 18:46:33 UTC
250.  
251.  
252. ArtifactCollectorFlow
253. Artifact WindowsScreenSaverExecutable data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Control Panel\\\\Desktop\\\\scrnsave.exe'\n pathtype : REGISTRY\n}" network_bytes_sent : 313 status : IOERROR }.
254. 2018-02-23 18:46:33 UTC
255.  
256.  
257. ArtifactCollectorFlow
258. Artifact WindowsScreenSaverExecutable data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Control Panel\\\\Desktop\\\\scrnsave.exe'\n pathtype : REGISTRY\n}" network_bytes_sent : 312 status : IOERROR }.
259. 2018-02-23 18:46:33 UTC
260.  
261.  
262. ArtifactCollectorFlow
263. Artifact WindowsScreenSaverExecutable data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Control Panel\\\\Desktop\\\\scrnsave.exe'\n pathtype : REGISTRY\n}" network_bytes_sent : 329 status : IOERROR }.
264. 2018-02-23 18:46:33 UTC
265.  
266.  
267. ArtifactCollectorFlow
268. Artifact WindowsScreenSaverExecutable data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\Control Panel\\\\Desktop\\\\scrnsave.exe'\n pathtype : REGISTRY\n}" network_bytes_sent : 353 status : IOERROR }.
269. 2018-02-23 18:46:33 UTC
270.  
271.  
272. ArtifactCollectorFlow
273. Artifact WindowsScreenSaverExecutable data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\Control Panel\\\\Desktop\\\\scrnsave.exe'\n pathtype : REGISTRY\n}" network_bytes_sent : 352 status : IOERROR }.
274. 2018-02-23 18:46:33 UTC
275.  
276.  
277. ArtifactCollectorFlow
278. Artifact data collection WindowsSecurityProviders completed successfully in flow ArtifactCollectorFlow with 4 responses
279. 2018-02-23 18:46:33 UTC
280.  
281.  
282. ArtifactCollectorFlow
283. Artifact WindowsServiceControlManagerExtension data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\System\\\\CurrentControlSet\\\\Control\\\\ServiceControlManagerExtension'\n pathtype : REGISTRY\n}" network_bytes_sent : 303 status : IOERROR }.
284. 2018-02-23 18:46:33 UTC
285.  
286.  
287. ArtifactCollectorFlow
288. Artifact data collection WindowsSessionManagerBootExecute completed successfully in flow ArtifactCollectorFlow with 1 responses
289. 2018-02-23 18:46:33 UTC
290.  
291.  
292. ArtifactCollectorFlow
293. Artifact WindowsSessionManagerExecute data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\System\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\Execute'\n pathtype : REGISTRY\n}" network_bytes_sent : 297 status : IOERROR }.
294. 2018-02-23 18:46:33 UTC
295.  
296.  
297. ArtifactCollectorFlow
298. Artifact data collection WindowsSessionManagerSetupExecute completed successfully in flow ArtifactCollectorFlow with 1 responses
299. 2018-02-23 18:46:33 UTC
300.  
301.  
302. ArtifactCollectorFlow
303. Artifact data collection WindowsSessionManagerSubSystems completed successfully in flow ArtifactCollectorFlow with 1 responses
304. 2018-02-23 18:46:33 UTC
305.  
306.  
307. ArtifactCollectorFlow
308. Artifact WindowsSessionManagerWOWCommandLine data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\System\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\WOW\\\\wowcmdline'\n pathtype : REGISTRY\n}" network_bytes_sent : 305 status : IOERROR }.
309. 2018-02-23 18:46:33 UTC
310.  
311.  
312. ArtifactCollectorFlow
313. Artifact WindowsSessionManagerWOWCommandLine data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\System\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\WOW\\\\cmdline'\n pathtype : REGISTRY\n}" network_bytes_sent : 302 status : IOERROR }.
314. 2018-02-23 18:46:33 UTC
315.  
316.  
317. ArtifactCollectorFlow
318. Artifact data collection WindowsSharedTaskScheduler completed successfully in flow ArtifactCollectorFlow with 0 responses
319. 2018-02-23 18:46:33 UTC
320.  
321.  
322. ArtifactCollectorFlow
323. Artifact data collection WindowsShellExecuteHooks completed successfully in flow ArtifactCollectorFlow with 0 responses
324. 2018-02-23 18:46:33 UTC
325.  
326.  
327. ArtifactCollectorFlow
328. Artifact data collection WindowsShellExtensions completed successfully in flow ArtifactCollectorFlow with 2 responses
329. 2018-02-23 18:46:33 UTC
330.  
331.  
332. ArtifactCollectorFlow
333. Artifact data collection WindowsShellIconOverlayIdentifiers completed successfully in flow ArtifactCollectorFlow with 15 responses
334. 2018-02-23 18:46:33 UTC
335.  
336.  
337. ArtifactCollectorFlow
338. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Run'\n pathtype : REGISTRY\n}" network_bytes_sent : 338 status : IOERROR }.
339. 2018-02-23 18:46:33 UTC
340.  
341.  
342. ArtifactCollectorFlow
343. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Load'\n pathtype : REGISTRY\n}" network_bytes_sent : 339 status : IOERROR }.
344. 2018-02-23 18:46:33 UTC
345.  
346.  
347. ArtifactCollectorFlow
348. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Run'\n pathtype : REGISTRY\n}" network_bytes_sent : 367 status : IOERROR }.
349. 2018-02-23 18:46:33 UTC
350.  
351.  
352. ArtifactCollectorFlow
353. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Load'\n pathtype : REGISTRY\n}" network_bytes_sent : 351 status : IOERROR }.
354. 2018-02-23 18:46:33 UTC
355.  
356.  
357. ArtifactCollectorFlow
358. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Load'\n pathtype : REGISTRY\n}" network_bytes_sent : 368 status : IOERROR }.
359. 2018-02-23 18:46:33 UTC
360.  
361.  
362. ArtifactCollectorFlow
363. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Run'\n pathtype : REGISTRY\n}" network_bytes_sent : 337 status : IOERROR }.
364. 2018-02-23 18:46:33 UTC
365.  
366.  
367. ArtifactCollectorFlow
368. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Run'\n pathtype : REGISTRY\n}" network_bytes_sent : 354 status : IOERROR }.
369. 2018-02-23 18:46:33 UTC
370.  
371.  
372. ArtifactCollectorFlow
373. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Load'\n pathtype : REGISTRY\n}" network_bytes_sent : 338 status : IOERROR }.
374. 2018-02-23 18:46:33 UTC
375.  
376.  
377. ArtifactCollectorFlow
378. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Load'\n pathtype : REGISTRY\n}" network_bytes_sent : 355 status : IOERROR }.
379. 2018-02-23 18:46:33 UTC
380.  
381.  
382. ArtifactCollectorFlow
383. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Run'\n pathtype : REGISTRY\n}" network_bytes_sent : 351 status : IOERROR }.
384. 2018-02-23 18:46:33 UTC
385.  
386.  
387. ArtifactCollectorFlow
388. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Load'\n pathtype : REGISTRY\n}" network_bytes_sent : 352 status : IOERROR }.
389. 2018-02-23 18:46:33 UTC
390.  
391.  
392. ArtifactCollectorFlow
393. Artifact WindowsShellLoadAndRun data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Windows\\\\Run'\n pathtype : REGISTRY\n}" network_bytes_sent : 350 status : IOERROR }.
394. 2018-02-23 18:47:37 UTC
395.  
396.  
397. ArtifactCollectorFlow
398. Artifact data collection WindowsShellOpenCommand completed successfully in flow ArtifactCollectorFlow with 548 responses
399. 2018-02-23 18:47:37 UTC
400.  
401.  
402. ArtifactCollectorFlow
403. Artifact data collection WindowsShellServiceObjects completed successfully in flow ArtifactCollectorFlow with 2 responses
404. 2018-02-23 18:47:37 UTC
405.  
406.  
407. ArtifactCollectorFlow
408. Artifact data collection WindowsStubPaths completed successfully in flow ArtifactCollectorFlow with 19 responses
409. 2018-02-23 18:47:37 UTC
410.  
411.  
412. ArtifactCollectorFlow
413. Artifact WindowsSystemPolicyShell data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.03125 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System\\\\Shell'\n pathtype : REGISTRY\n}" network_bytes_sent : 306 status : IOERROR }.
414. 2018-02-23 18:47:37 UTC
415.  
416.  
417. ArtifactCollectorFlow
418. Artifact WindowsSystemPolicyShell data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\Software\\\\Wow6432Node\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System\\\\Shell'\n pathtype : REGISTRY\n}" network_bytes_sent : 319 status : IOERROR }.
419. 2018-02-23 18:47:37 UTC
420.  
421.  
422. ArtifactCollectorFlow
423. Artifact data collection WindowsTerminalServerRunKeys completed successfully in flow ArtifactCollectorFlow with 0 responses
424. 2018-02-23 18:47:38 UTC
425.  
426.  
427. ArtifactCollectorFlow
428. Artifact data collection WindowsTerminalServerStartupPrograms completed successfully in flow ArtifactCollectorFlow with 1 responses
429. 2018-02-23 18:47:38 UTC
430.  
431.  
432. ArtifactCollectorFlow
433. Artifact data collection WindowsToolPaths completed successfully in flow ArtifactCollectorFlow with 3 responses
434. 2018-02-23 18:47:38 UTC
435.  
436.  
437. ArtifactCollectorFlow
438. Artifact WindowsWinlogonGinaDLL data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\GinaDLL'\n pathtype : REGISTRY\n}" network_bytes_sent : 343 status : IOERROR }.
439. 2018-02-23 18:47:38 UTC
440.  
441.  
442. ArtifactCollectorFlow
443. Artifact WindowsWinlogonGinaDLL data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\GinaDLL'\n pathtype : REGISTRY\n}" network_bytes_sent : 342 status : IOERROR }.
444. 2018-02-23 18:47:38 UTC
445.  
446.  
447. ArtifactCollectorFlow
448. Artifact WindowsWinlogonGinaDLL data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\GinaDLL'\n pathtype : REGISTRY\n}" network_bytes_sent : 359 status : IOERROR }.
449. 2018-02-23 18:47:38 UTC
450.  
451.  
452. ArtifactCollectorFlow
453. Artifact WindowsWinlogonGinaDLL data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.046875 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\GinaDLL'\n pathtype : REGISTRY\n}" network_bytes_sent : 303 status : IOERROR }.
454. 2018-02-23 18:47:38 UTC
455.  
456.  
457. ArtifactCollectorFlow
458. Artifact data collection WindowsWinlogonNotify completed successfully in flow ArtifactCollectorFlow with 0 responses
459. 2018-02-23 18:47:38 UTC
460.  
461.  
462. ArtifactCollectorFlow
463. Artifact WindowsWinlogonShell data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Shell'\n pathtype : REGISTRY\n}" network_bytes_sent : 357 status : IOERROR }.
464. 2018-02-23 18:47:38 UTC
465.  
466.  
467. ArtifactCollectorFlow
468. Artifact WindowsWinlogonShell data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Shell'\n pathtype : REGISTRY\n}" network_bytes_sent : 340 status : IOERROR }.
469. 2018-02-23 18:47:38 UTC
470.  
471.  
472. ArtifactCollectorFlow
473. Artifact data collection WindowsWinlogonShell completed successfully in flow ArtifactCollectorFlow with 1 responses
474. 2018-02-23 18:47:38 UTC
475.  
476.  
477. ArtifactCollectorFlow
478. Artifact WindowsWinlogonShell data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Shell'\n pathtype : REGISTRY\n}" network_bytes_sent : 341 status : IOERROR }.
479. 2018-02-23 18:47:38 UTC
480.  
481.  
482. ArtifactCollectorFlow
483. Artifact WindowsWinlogonSystem data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\System'\n pathtype : REGISTRY\n}" network_bytes_sent : 341 status : IOERROR }.
484. 2018-02-23 18:47:38 UTC
485.  
486.  
487. ArtifactCollectorFlow
488. Artifact WindowsWinlogonSystem data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\System'\n pathtype : REGISTRY\n}" network_bytes_sent : 342 status : IOERROR }.
489. 2018-02-23 18:47:38 UTC
490.  
491.  
492. ArtifactCollectorFlow
493. Artifact WindowsWinlogonSystem data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.046875 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\System'\n pathtype : REGISTRY\n}" network_bytes_sent : 302 status : IOERROR }.
494. 2018-02-23 18:47:38 UTC
495.  
496.  
497. ArtifactCollectorFlow
498. Artifact WindowsWinlogonSystem data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\System'\n pathtype : REGISTRY\n}" network_bytes_sent : 358 status : IOERROR }.
499.  
500. 2018-02-23 18:47:38 UTC
501. aff4:/C.9ecc1d4dea73c41d
502.  
503. ArtifactCollectorFlow
504. Artifact WindowsWinlogonTaskman data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.046875 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Taskman'\n pathtype : REGISTRY\n}" network_bytes_sent : 303 status : IOERROR }.
505. 2018-02-23 18:47:38 UTC
506.  
507.  
508. ArtifactCollectorFlow
509. Artifact WindowsWinlogonTaskman data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Taskman'\n pathtype : REGISTRY\n}" network_bytes_sent : 342 status : IOERROR }.
510. 2018-02-23 18:47:38 UTC
511.  
512.  
513. ArtifactCollectorFlow
514. Artifact WindowsWinlogonTaskman data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Taskman'\n pathtype : REGISTRY\n}" network_bytes_sent : 359 status : IOERROR }.
515. 2018-02-23 18:47:38 UTC
516.  
517.  
518. ArtifactCollectorFlow
519. Artifact WindowsWinlogonTaskman data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Taskman'\n pathtype : REGISTRY\n}" network_bytes_sent : 343 status : IOERROR }.
520. 2018-02-23 18:47:38 UTC
521.  
522.  
523. ArtifactCollectorFlow
524. Artifact WindowsWinlogonUiHost data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0625 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_LOCAL_MACHINE\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\UiHost'\n pathtype : REGISTRY\n}" network_bytes_sent : 302 status : IOERROR }.
525. 2018-02-23 18:47:38 UTC
526.  
527.  
528. ArtifactCollectorFlow
529. Artifact WindowsWinlogonUiHost data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\UiHost'\n pathtype : REGISTRY\n}" network_bytes_sent : 342 status : IOERROR }.
530. 2018-02-23 18:47:38 UTC
531.  
532.  
533. ArtifactCollectorFlow
534. Artifact WindowsWinlogonUiHost data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\UiHost'\n pathtype : REGISTRY\n}" network_bytes_sent : 341 status : IOERROR }.
535. 2018-02-23 18:47:38 UTC
536.  
537.  
538. ArtifactCollectorFlow
539. Artifact WindowsWinlogonUiHost data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\UiHost'\n pathtype : REGISTRY\n}" network_bytes_sent : 358 status : IOERROR }.
540. 2018-02-23 18:47:38 UTC
541.  
542.  
543. ArtifactCollectorFlow
544. Artifact data collection WindowsWinlogonUserinit completed successfully in flow ArtifactCollectorFlow with 1 responses
545. 2018-02-23 18:47:38 UTC
546.  
547.  
548. ArtifactCollectorFlow
549. Artifact WindowsWinlogonUserinit data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Userinit'\n pathtype : REGISTRY\n}" network_bytes_sent : 343 status : IOERROR }.
550. 2018-02-23 18:47:38 UTC
551.  
552.  
553. ArtifactCollectorFlow
554. Artifact WindowsWinlogonUserinit data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Userinit'\n pathtype : REGISTRY\n}" network_bytes_sent : 344 status : IOERROR }.
555. 2018-02-23 18:47:38 UTC
556.  
557.  
558. ArtifactCollectorFlow
559. Artifact WindowsWinlogonUserinit data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\Userinit'\n pathtype : REGISTRY\n}" network_bytes_sent : 360 status : IOERROR }.
560. 2018-02-23 18:47:38 UTC
561.  
562.  
563. ArtifactCollectorFlow
564. Artifact data collection WindowsWinlogonVMApplet completed successfully in flow ArtifactCollectorFlow with 1 responses
565. 2018-02-23 18:47:38 UTC
566.  
567.  
568. ArtifactCollectorFlow
569. Artifact WindowsWinlogonVMApplet data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-80-1044544286-2763731348-267423293-2293503259-2593316332\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\VMApplet'\n pathtype : REGISTRY\n}" network_bytes_sent : 360 status : IOERROR }.
570. 2018-02-23 18:47:38 UTC
571.  
572.  
573. ArtifactCollectorFlow
574. Artifact WindowsWinlogonVMApplet data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-3074471230-1509454340-965560753-1000\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\VMApplet'\n pathtype : REGISTRY\n}" network_bytes_sent : 343 status : IOERROR }.
575. 2018-02-23 18:47:38 UTC
576.  
577.  
578. ArtifactCollectorFlow
579. Artifact WindowsWinlogonVMApplet data collection failed. Status: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'HKEY_USERS\\\\S-1-5-21-823518204-362288127-1606980848-518115\\\\Software\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\Winlogon\\\\VMApplet'\n pathtype : REGISTRY\n}" network_bytes_sent : 344 status : IOERROR }.
580. 2018-02-23 18:47:38 UTC
581.  
582.  
583. ArtifactCollectorFlow
584. Artifact data collection WinSock2LayeredServiceProviders completed successfully in flow ArtifactCollectorFlow with 13 responses
585. 2018-02-23 18:47:38 UTC
586.  
587.  
588. ArtifactCollectorFlow
589. Artifact data collection WinSock2NamespaceProviders completed successfully in flow ArtifactCollectorFlow with 7 responses
590. 2018-02-23 18:47:40 UTC
591.  
592.  
593. ArtifactCollectorFlow
594. Artifact data collection WindowsPersistenceRegistryKeys completed successfully in flow ArtifactCollectorFlow with 1654 responses
595. 2018-02-23 18:47:41 UTC
596.  
597.  
598. ArtifactCollectorFlow
599. Artifact data collection WindowsPowerShellDefaultProfiles completed successfully in flow ArtifactCollectorFlow with 1 responses
600. 2018-02-23 18:47:42 UTC
601.  
602.  
603. ArtifactCollectorFlow
604. Artifact data collection WindowsServices completed successfully in flow ArtifactCollectorFlow with 8188 responses
605. 2018-02-23 18:47:45 UTC
606.  
607.  
608. ArtifactCollectorFlow
609. Artifact data collection WindowsPersistenceMechanisms completed successfully in flow ArtifactCollectorFlow with 2329 responses
610. 2018-02-23 18:47:52 UTC
611.  
612.  
613. MultiGetFile
614. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'cmd.exe'\n pathtype : OS\n}" network_bytes_sent : 195 status : IOERROR }
615. 2018-02-23 18:47:52 UTC
616.  
617.  
618. MultiGetFile
619. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'oci.dll'\n pathtype : OS\n}" network_bytes_sent : 195 status : IOERROR }
620. 2018-02-23 18:47:52 UTC
621.  
622.  
623. MultiGetFile
624. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'SQLLib80.dll'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
625. 2018-02-23 18:47:52 UTC
626.  
627.  
628. MultiGetFile
629. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'xa80.dll'\n pathtype : OS\n}" network_bytes_sent : 196 status : IOERROR }
630. 2018-02-23 18:47:52 UTC
631.  
632.  
633. MultiGetFile
634. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'midimap.dll'\n pathtype : OS\n}" network_bytes_sent : 199 status : IOERROR }
635. 2018-02-23 18:47:52 UTC
636.  
637.  
638. MultiGetFile
639. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'iyuv_32.dll'\n pathtype : OS\n}" network_bytes_sent : 199 status : IOERROR }
640. 2018-02-23 18:47:52 UTC
641.  
642.  
643. MultiGetFile
644. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'msrle32.dll'\n pathtype : OS\n}" network_bytes_sent : 199 status : IOERROR }
645. 2018-02-23 18:47:52 UTC
646.  
647.  
648. MultiGetFile
649. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'msvidc32.dll'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
650. 2018-02-23 18:47:52 UTC
651.  
652.  
653. MultiGetFile
654. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'msyuv.dll'\n pathtype : OS\n}" network_bytes_sent : 197 status : IOERROR }
655. 2018-02-23 18:47:52 UTC
656.  
657.  
658. MultiGetFile
659. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'tsbyuv.dll'\n pathtype : OS\n}" network_bytes_sent : 198 status : IOERROR }
660. 2018-02-23 18:47:52 UTC
661.  
662.  
663. MultiGetFile
664. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'VfWWDM32.dll'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
665. 2018-02-23 18:47:52 UTC
666.  
667.  
668. MultiGetFile
669. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'AdobePDF.dll'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
670. 2018-02-23 18:47:52 UTC
671.  
672.  
673. MultiGetFile
674. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'localspl.dll'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
675. 2018-02-23 18:47:52 UTC
676.  
677.  
678. MultiGetFile
679. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'FXSMON.DLL'\n pathtype : OS\n}" network_bytes_sent : 198 status : IOERROR }
680. 2018-02-23 18:47:52 UTC
681.  
682.  
683. MultiGetFile
684. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'PJLMON.DLL'\n pathtype : OS\n}" network_bytes_sent : 198 status : IOERROR }
685. 2018-02-23 18:47:52 UTC
686.  
687.  
688. MultiGetFile
689. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'ricA5Glm.dll'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
690. 2018-02-23 18:47:52 UTC
691.  
692.  
693. MultiGetFile
694. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'rc4mon64.dll'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
695. 2018-02-23 18:47:53 UTC
696.  
697.  
698. MultiGetFile
699. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'usbmon.dll'\n pathtype : OS\n}" network_bytes_sent : 198 status : IOERROR }
700. 2018-02-23 18:47:53 UTC
701.  
702.  
703. MultiGetFile
704. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'WSDMon.dll'\n pathtype : OS\n}" network_bytes_sent : 198 status : IOERROR }
705. 2018-02-23 18:47:54 UTC
706.  
707.  
708. MultiGetFile
709. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'credssp.dll'\n pathtype : OS\n}" network_bytes_sent : 199 status : IOERROR }
710. 2018-02-23 18:47:55 UTC
711.  
712.  
713. MultiGetFile
714. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.03125 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\Windows\\\\System32\\\\dfshim.dll,ShOpenVerbApplication %1'\n pathtype : OS\n}" network_bytes_sent : 247 status : IOERROR }
715. 2018-02-23 18:47:55 UTC
716.  
717.  
718. MultiGetFile
719. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\Windows\\\\System32\\\\dfshim.dll,ShOpenVerbShortcut %1|%2'\n pathtype : OS\n}" network_bytes_sent : 247 status : IOERROR }
720. 2018-02-23 18:47:55 UTC
721.  
722.  
723. MultiGetFile
724. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\_SMSTaskSequence\\\\WDPackage\\\\Tools\\\\X64\\\\BGInfo64.exe'\n pathtype : OS\n}" network_bytes_sent : 246 status : IOERROR }
725. 2018-02-23 18:47:56 UTC
726.  
727.  
728. MultiGetFile
729. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\Program Files (x86)\\\\Common Files\\\\Microsoft Shared\\\\VSTO\\\\vstoee.dll,InstallVstoSolution %1'\n pathtype : OS\n}" network_bytes_sent : 286 status : IOERROR }
730. 2018-02-23 18:47:56 UTC
731.  
732.  
733. MultiGetFile
734. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'rundll32.exe'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
735. 2018-02-23 18:47:56 UTC
736.  
737.  
738. MultiGetFile
739. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'PrintBrmUI.exe'\n pathtype : OS\n}" network_bytes_sent : 202 status : IOERROR }
740. 2018-02-23 18:47:56 UTC
741.  
742.  
743. MultiGetFile
744. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'cryptext.dll,CryptExtOpenCAT %1'\n pathtype : OS\n}" network_bytes_sent : 219 status : IOERROR }
745. 2018-02-23 18:47:56 UTC
746.  
747.  
748. MultiGetFile
749. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'cryptext.dll,CryptExtOpenCER %1'\n pathtype : OS\n}" network_bytes_sent : 219 status : IOERROR }
750. 2018-02-23 18:47:56 UTC
751.  
752.  
753. MultiGetFile
754. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'cryptext.dll,CryptExtOpenSTR %1'\n pathtype : OS\n}" network_bytes_sent : 219 status : IOERROR }
755. 2018-02-23 18:47:56 UTC
756.  
757.  
758. MultiGetFile
759. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'cryptext.dll,CryptExtOpenCRL %1'\n pathtype : OS\n}" network_bytes_sent : 220 status : IOERROR }
760. 2018-02-23 18:47:56 UTC
761.  
762.  
763. MultiGetFile
764. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\WINDOWS\\\\system32\\\\themecpl.dll,OpenThemeAction %1'\n pathtype : OS\n}" network_bytes_sent : 244 status : IOERROR }
765. 2018-02-23 18:47:57 UTC
766.  
767.  
768. MultiGetFile
769. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\WINDOWS\\\\system32\\\\perfmon /sys'\n pathtype : OS\n}" network_bytes_sent : 224 status : IOERROR }
770. 2018-02-23 18:47:58 UTC
771.  
772.  
773. MultiGetFile
774. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\Windows\\\\System32\\\\ieframe.dll,OpenURL %l'\n pathtype : OS\n}" network_bytes_sent : 234 status : IOERROR }
775. 2018-02-23 18:47:58 UTC
776.  
777.  
778. MultiGetFile
779. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'iexplore.exe'\n pathtype : OS\n}" network_bytes_sent : 201 status : IOERROR }
780. 2018-02-23 18:47:58 UTC
781.  
782.  
783. MultiGetFile
784. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'c:\\\\Program Files\\\\Microsoft SQL Server\\\\120\\\\DTS\\\\Binn\\\\dtsinstall.exe'\n pathtype : OS\n}" network_bytes_sent : 262 status : IOERROR }
785. 2018-02-23 18:47:58 UTC
786.  
787.  
788. MultiGetFile
789. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'c:\\\\Program Files\\\\Microsoft SQL Server\\\\120\\\\DTS\\\\Binn\\\\isdeploymentwizard.exe'\n pathtype : OS\n}" network_bytes_sent : 270 status : IOERROR }
790. 2018-02-23 18:47:58 UTC
791.  
792.  
793. MultiGetFile
794. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'GfxUIEx.exe'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
795. 2018-02-23 18:47:58 UTC
796.  
797.  
798. MultiGetFile
799. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\Program Files (x86)\\\\AS2\\\\bin\\\\kst30.exe'\n pathtype : OS\n}" network_bytes_sent : 233 status : IOERROR }
800. 2018-02-23 18:47:58 UTC
801.  
802.  
803. MultiGetFile
804. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'%CommonProgramFiles%\\\\System\\\\OLE DB\\\\oledb32.dll,OpenDSLFile %1'\n pathtype : OS\n}" network_bytes_sent : 254 status : IOERROR }
805. 2018-02-23 18:47:58 UTC
806.  
807.  
808. MultiGetFile
809. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'Rundll32.exe'\n pathtype : OS\n}" network_bytes_sent : 201 status : IOERROR }
810. 2018-02-23 18:47:58 UTC
811.  
812.  
813. MultiGetFile
814. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u'File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\shell32.dll,Control_RunDLL C:\\\\WINDOWS\\\\system32\\\\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"\'\n pathtype : OS\n}' network_bytes_sent : 320 status : IOERROR }
815. 2018-02-23 18:47:58 UTC
816.  
817.  
818. MultiGetFile
819. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\PROGRA~2\\\\MICROS~1\\\\Office16\\\\OMSMAIN.DLL, OmsProtocolHandler %1'\n pathtype : OS\n}" network_bytes_sent : 259 status : IOERROR }
820. 2018-02-23 18:47:58 UTC
821.  
822.  
823. MultiGetFile
824. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'cryptext.dll,CryptExtOpenP7R %1'\n pathtype : OS\n}" network_bytes_sent : 220 status : IOERROR }
825. 2018-02-23 18:47:58 UTC
826.  
827.  
828. MultiGetFile
829. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'cryptext.dll,CryptExtOpenPKCS7 %1'\n pathtype : OS\n}" network_bytes_sent : 222 status : IOERROR }
830. 2018-02-23 18:47:58 UTC
831.  
832.  
833. MultiGetFile
834. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'cryptext.dll,CryptExtOpenPFX %1'\n pathtype : OS\n}" network_bytes_sent : 220 status : IOERROR }
835. 2018-02-23 18:47:58 UTC
836.  
837.  
838. MultiGetFile
839. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\Program Files\\\\Windows Photo Viewer\\\\PhotoViewer.dll, ImageView_Fullscreen %1'\n pathtype : OS\n}" network_bytes_sent : 272 status : IOERROR }
840. 2018-02-23 18:47:58 UTC
841.  
842.  
843. MultiGetFile
844. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.03125 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\WINDOWS\\\\System32\\\\msrating.dll,ClickedOnPRF %1'\n pathtype : OS\n}" network_bytes_sent : 241 status : IOERROR }
845. 2018-02-23 18:47:59 UTC
846.  
847.  
848. MultiGetFile
849. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\WINDOWS\\\\System32\\\\msrating.dll,ClickedOnRAT %1'\n pathtype : OS\n}" network_bytes_sent : 241 status : IOERROR }
850. 2018-02-23 18:47:59 UTC
851.  
852.  
853. MultiGetFile
854. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'regedit.exe'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
855. 2018-02-23 18:47:59 UTC
856.  
857.  
858. MultiGetFile
859. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.03125 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\Windows\\\\System32\\\\url.dll,TelnetProtocolHandler %l'\n pathtype : OS\n}" network_bytes_sent : 245 status : IOERROR }
860. 2018-02-23 18:47:59 UTC
861.  
862.  
863. MultiGetFile
864. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.015625 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\WINDOWS\\\\system32\\\\dsquery.dll,OpenSavedDsQuery %1'\n pathtype : OS\n}" network_bytes_sent : 244 status : IOERROR }
865. 2018-02-23 18:48:05 UTC
866.  
867.  
868. MultiGetFile
869. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\WINDOWS\\\\System32\\\\ieframe.dll,OpenURL %l'\n pathtype : OS\n}" network_bytes_sent : 234 status : IOERROR }
870. 2018-02-23 18:48:09 UTC
871.  
872.  
873. MultiGetFile
874. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'msiexec.exe'\n pathtype : OS\n}" network_bytes_sent : 200 status : IOERROR }
875. 2018-02-23 18:48:10 UTC
876.  
877.  
878. MultiGetFile
879. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'explorer.exe'\n pathtype : OS\n}" network_bytes_sent : 201 status : IOERROR }
880. 2018-02-23 18:48:10 UTC
881.  
882.  
883. MultiGetFile
884. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'SystemPropertiesPerformance.exe'\n pathtype : OS\n}" network_bytes_sent : 220 status : IOERROR }
885. 2018-02-23 18:48:12 UTC
886.  
887.  
888. MultiGetFile
889. Hashed 200 files, skipped 0 already stored.
890. 2018-02-23 18:48:13 UTC
891.  
892.  
893. MultiGetFile
894. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'\\\\??\\\\C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\Definition Updates\\\\{A2895139-C576-438B-8BC0-7E9AD8A7AF53}\\\\MpKslbb01cc7a.sys'\n pathtype : OS\n}" network_bytes_sent : 320 status : IOERROR }
895. 2018-02-23 18:48:31 UTC
896.  
897.  
898. MultiGetFile
899. Hashed 400 files, skipped 0 already stored.
900. 2018-02-23 18:48:34 UTC
901.  
902.  
903. MultiGetFile
904. Failed to stat file: message GrrStatus { cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u"File not found: message PathSpec {\n path : u'C:\\\\WINDOWS\\\\C:\\\\WINDOWS\\\\system32\\\\svchost.exe'\n pathtype : OS\n}" network_bytes_sent : 236 status : IOERROR }
905. 2018-02-23 18:48:44 UTC
906.  
907.  
908. MultiGetFile
909. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'cmd.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'cmd.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'cmd.exe\'\n pathtype : OS\n}' network_bytes_sent : 626 status : GENERIC_ERROR }
910. 2018-02-23 18:48:44 UTC
911.  
912.  
913. MultiGetFile
914. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'oci.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'oci.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'oci.dll\'\n pathtype : OS\n}' network_bytes_sent : 626 status : GENERIC_ERROR }
915. 2018-02-23 18:48:44 UTC
916.  
917.  
918. MultiGetFile
919. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'SQLLib80.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'SQLLib80.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'SQLLib80.dll\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
920. 2018-02-23 18:48:44 UTC
921.  
922.  
923. MultiGetFile
924. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'xa80.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'xa80.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'xa80.dll\'\n pathtype : OS\n}' network_bytes_sent : 629 status : GENERIC_ERROR }
925. 2018-02-23 18:48:44 UTC
926.  
927.  
928. MultiGetFile
929. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'midimap.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'midimap.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'midimap.dll\'\n pathtype : OS\n}' network_bytes_sent : 638 status : GENERIC_ERROR }
930. 2018-02-23 18:48:44 UTC
931.  
932.  
933. MultiGetFile
934. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'iyuv_32.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'iyuv_32.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'iyuv_32.dll\'\n pathtype : OS\n}' network_bytes_sent : 638 status : GENERIC_ERROR }
935. 2018-02-23 18:48:44 UTC
936.  
937.  
938. MultiGetFile
939. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'msrle32.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'msrle32.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'msrle32.dll\'\n pathtype : OS\n}' network_bytes_sent : 638 status : GENERIC_ERROR }
940. 2018-02-23 18:48:44 UTC
941.  
942.  
943. MultiGetFile
944. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'msvidc32.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'msvidc32.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'msvidc32.dll\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
945. 2018-02-23 18:48:44 UTC
946.  
947.  
948. MultiGetFile
949. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'msyuv.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'msyuv.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'msyuv.dll\'\n pathtype : OS\n}' network_bytes_sent : 632 status : GENERIC_ERROR }
950. 2018-02-23 18:48:44 UTC
951.  
952.  
953. MultiGetFile
954. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'tsbyuv.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'tsbyuv.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'tsbyuv.dll\'\n pathtype : OS\n}' network_bytes_sent : 635 status : GENERIC_ERROR }
955. 2018-02-23 18:48:44 UTC
956.  
957.  
958. MultiGetFile
959. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'VfWWDM32.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'VfWWDM32.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'VfWWDM32.dll\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
960. 2018-02-23 18:48:44 UTC
961.  
962.  
963. MultiGetFile
964. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'AdobePDF.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'AdobePDF.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'AdobePDF.dll\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
965. 2018-02-23 18:48:46 UTC
966.  
967.  
968. MultiGetFile
969. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'localspl.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'localspl.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'localspl.dll\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
970. 2018-02-23 18:48:46 UTC
971.  
972.  
973. MultiGetFile
974. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'FXSMON.DLL\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'FXSMON.DLL\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'FXSMON.DLL\'\n pathtype : OS\n}' network_bytes_sent : 635 status : GENERIC_ERROR }
975. 2018-02-23 18:48:46 UTC
976.  
977.  
978. MultiGetFile
979. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'PJLMON.DLL\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'PJLMON.DLL\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'PJLMON.DLL\'\n pathtype : OS\n}' network_bytes_sent : 635 status : GENERIC_ERROR }
980. 2018-02-23 18:48:46 UTC
981.  
982.  
983. MultiGetFile
984. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'ricA5Glm.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'ricA5Glm.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'ricA5Glm.dll\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
985. 2018-02-23 18:48:46 UTC
986.  
987.  
988. MultiGetFile
989. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'rc4mon64.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'rc4mon64.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'rc4mon64.dll\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
990. 2018-02-23 18:48:46 UTC
991.  
992.  
993. MultiGetFile
994. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'usbmon.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'usbmon.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'usbmon.dll\'\n pathtype : OS\n}' network_bytes_sent : 635 status : GENERIC_ERROR }
995. 2018-02-23 18:48:46 UTC
996.  
997.  
998. MultiGetFile
999. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'WSDMon.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'WSDMon.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'WSDMon.dll\'\n pathtype : OS\n}' network_bytes_sent : 635 status : GENERIC_ERROR }
1000.  
1001. 2018-02-23 18:48:46 UTC
1002. aff4:/C.9ecc1d4dea73c41d
1003.  
1004. MultiGetFile
1005. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'credssp.dll\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'credssp.dll\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'credssp.dll\'\n pathtype : OS\n}' network_bytes_sent : 638 status : GENERIC_ERROR }
1006. 2018-02-23 18:48:46 UTC
1007.  
1008.  
1009. MultiGetFile
1010. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\Windows\\\\System32\\\\dfshim.dll,ShOpenVerbApplication %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.03125 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\dfshim.dll,ShOpenVerbApplication %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\Windows\\\\System32\\\\dfshim.dll,ShOpenVerbApplication %1\'\n pathtype : OS\n}' network_bytes_sent : 785 status : GENERIC_ERROR }
1011. 2018-02-23 18:48:46 UTC
1012.  
1013.  
1014. MultiGetFile
1015. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\Windows\\\\System32\\\\dfshim.dll,ShOpenVerbShortcut %1|%2\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.03125 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\dfshim.dll,ShOpenVerbShortcut %1|%2\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\Windows\\\\System32\\\\dfshim.dll,ShOpenVerbShortcut %1|%2\'\n pathtype : OS\n}' network_bytes_sent : 785 status : GENERIC_ERROR }
1016. 2018-02-23 18:48:46 UTC
1017.  
1018.  
1019. MultiGetFile
1020. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\_SMSTaskSequence\\\\WDPackage\\\\Tools\\\\X64\\\\BGInfo64.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\_SMSTaskSequence\\\\\\\\WDPackage\\\\\\\\Tools\\\\\\\\X64\\\\\\\\BGInfo64.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\_SMSTaskSequence\\\\WDPackage\\\\Tools\\\\X64\\\\BGInfo64.exe\'\n pathtype : OS\n}' network_bytes_sent : 786 status : GENERIC_ERROR }
1021. 2018-02-23 18:48:46 UTC
1022.  
1023.  
1024. MultiGetFile
1025. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\Program Files (x86)\\\\Common Files\\\\Microsoft Shared\\\\VSTO\\\\vstoee.dll,InstallVstoSolution %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\Program Files (x86)\\\\\\\\Common Files\\\\\\\\Microsoft Shared\\\\\\\\VSTO\\\\\\\\vstoee.dll,InstallVstoSolution %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\Program Files (x86)\\\\Common Files\\\\Microsoft Shared\\\\VSTO\\\\vstoee.dll,InstallVstoSolution %1\'\n pathtype : OS\n}' network_bytes_sent : 903 status : GENERIC_ERROR }
1026. 2018-02-23 18:48:46 UTC
1027.  
1028.  
1029. MultiGetFile
1030. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'rundll32.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'rundll32.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'rundll32.exe\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
1031. 2018-02-23 18:48:46 UTC
1032.  
1033.  
1034. MultiGetFile
1035. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'PrintBrmUI.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'PrintBrmUI.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'PrintBrmUI.exe\'\n pathtype : OS\n}' network_bytes_sent : 647 status : GENERIC_ERROR }
1036. 2018-02-23 18:48:46 UTC
1037.  
1038.  
1039. MultiGetFile
1040. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenCAT %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'cryptext.dll,CryptExtOpenCAT %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenCAT %1\'\n pathtype : OS\n}' network_bytes_sent : 698 status : GENERIC_ERROR }
1041. 2018-02-23 18:48:46 UTC
1042.  
1043.  
1044. MultiGetFile
1045. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenCER %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'cryptext.dll,CryptExtOpenCER %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenCER %1\'\n pathtype : OS\n}' network_bytes_sent : 698 status : GENERIC_ERROR }
1046. 2018-02-23 18:48:46 UTC
1047.  
1048.  
1049. MultiGetFile
1050. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenSTR %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'cryptext.dll,CryptExtOpenSTR %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenSTR %1\'\n pathtype : OS\n}' network_bytes_sent : 698 status : GENERIC_ERROR }
1051. 2018-02-23 18:48:46 UTC
1052.  
1053.  
1054. MultiGetFile
1055. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenCRL %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'cryptext.dll,CryptExtOpenCRL %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenCRL %1\'\n pathtype : OS\n}' network_bytes_sent : 698 status : GENERIC_ERROR }
1056. 2018-02-23 18:48:46 UTC
1057.  
1058.  
1059. MultiGetFile
1060. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\themecpl.dll,OpenThemeAction %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\themecpl.dll,OpenThemeAction %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\themecpl.dll,OpenThemeAction %1\'\n pathtype : OS\n}' network_bytes_sent : 773 status : GENERIC_ERROR }
1061. 2018-02-23 18:48:46 UTC
1062.  
1063.  
1064. MultiGetFile
1065. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\perfmon /sys\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.046875 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\perfmon /sys\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\perfmon /sys\'\n pathtype : OS\n}' network_bytes_sent : 716 status : GENERIC_ERROR }
1066. 2018-02-23 18:48:46 UTC
1067.  
1068.  
1069. MultiGetFile
1070. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\Windows\\\\System32\\\\ieframe.dll,OpenURL %l\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.03125 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\ieframe.dll,OpenURL %l\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\Windows\\\\System32\\\\ieframe.dll,OpenURL %l\'\n pathtype : OS\n}' network_bytes_sent : 746 status : GENERIC_ERROR }
1071. 2018-02-23 18:48:46 UTC
1072.  
1073.  
1074. MultiGetFile
1075. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'iexplore.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'iexplore.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'iexplore.exe\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
1076. 2018-02-23 18:48:46 UTC
1077.  
1078.  
1079. MultiGetFile
1080. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'c:\\\\Program Files\\\\Microsoft SQL Server\\\\120\\\\DTS\\\\Binn\\\\dtsinstall.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'c:\\\\\\\\Program Files\\\\\\\\Microsoft SQL Server\\\\\\\\120\\\\\\\\DTS\\\\\\\\Binn\\\\\\\\dtsinstall.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'c:\\\\Program Files\\\\Microsoft SQL Server\\\\120\\\\DTS\\\\Binn\\\\dtsinstall.exe\'\n pathtype : OS\n}' network_bytes_sent : 830 status : GENERIC_ERROR }
1081. 2018-02-23 18:48:46 UTC
1082.  
1083.  
1084. MultiGetFile
1085. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'c:\\\\Program Files\\\\Microsoft SQL Server\\\\120\\\\DTS\\\\Binn\\\\isdeploymentwizard.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'c:\\\\\\\\Program Files\\\\\\\\Microsoft SQL Server\\\\\\\\120\\\\\\\\DTS\\\\\\\\Binn\\\\\\\\isdeploymentwizard.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'c:\\\\Program Files\\\\Microsoft SQL Server\\\\120\\\\DTS\\\\Binn\\\\isdeploymentwizard.exe\'\n pathtype : OS\n}' network_bytes_sent : 854 status : GENERIC_ERROR }
1086. 2018-02-23 18:48:46 UTC
1087.  
1088.  
1089. MultiGetFile
1090. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'GfxUIEx.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'GfxUIEx.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'GfxUIEx.exe\'\n pathtype : OS\n}' network_bytes_sent : 638 status : GENERIC_ERROR }
1091. 2018-02-23 18:48:46 UTC
1092.  
1093.  
1094. MultiGetFile
1095. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\Program Files (x86)\\\\AS2\\\\bin\\\\kst30.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\Program Files (x86)\\\\\\\\AS2\\\\\\\\bin\\\\\\\\kst30.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\Program Files (x86)\\\\AS2\\\\bin\\\\kst30.exe\'\n pathtype : OS\n}' network_bytes_sent : 745 status : GENERIC_ERROR }
1096. 2018-02-23 18:48:46 UTC
1097.  
1098.  
1099. MultiGetFile
1100. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'%CommonProgramFiles%\\\\System\\\\OLE DB\\\\oledb32.dll,OpenDSLFile %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'%CommonProgramFiles%\\\\\\\\System\\\\\\\\OLE DB\\\\\\\\oledb32.dll,OpenDSLFile %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'%CommonProgramFiles%\\\\System\\\\OLE DB\\\\oledb32.dll,OpenDSLFile %1\'\n pathtype : OS\n}' network_bytes_sent : 803 status : GENERIC_ERROR }
1101. 2018-02-23 18:48:46 UTC
1102.  
1103.  
1104. MultiGetFile
1105. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'Rundll32.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'Rundll32.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'Rundll32.exe\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
1106. 2018-02-23 18:48:46 UTC
1107.  
1108.  
1109. MultiGetFile
1110. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\shell32.dll,Control_RunDLL C:\\\\WINDOWS\\\\system32\\\\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.03125 } error_message : u'IOError(\'File not found: message PathSpec {\\n path : u\\\'C:\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\shell32.dll,Control_RunDLL C:\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"\\\'\\n pathtype : OS\\n}\',): File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\shell32.dll,Control_RunDLL C:\\\\WINDOWS\\\\system32\\\\desk.cpl desk,@Appearance /Action:OpenMSTheme /file:"%1"\'\n pathtype : OS\n}' network_bytes_sent : 1006 status : GENERIC_ERROR }
1111. 2018-02-23 18:48:46 UTC
1112.  
1113.  
1114. MultiGetFile
1115. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\PROGRA~2\\\\MICROS~1\\\\Office16\\\\OMSMAIN.DLL, OmsProtocolHandler %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\PROGRA~2\\\\\\\\MICROS~1\\\\\\\\Office16\\\\\\\\OMSMAIN.DLL, OmsProtocolHandler %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\PROGRA~2\\\\MICROS~1\\\\Office16\\\\OMSMAIN.DLL, OmsProtocolHandler %1\'\n pathtype : OS\n}' network_bytes_sent : 817 status : GENERIC_ERROR }
1116. 2018-02-23 18:48:46 UTC
1117.  
1118.  
1119. MultiGetFile
1120. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenP7R %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'cryptext.dll,CryptExtOpenP7R %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenP7R %1\'\n pathtype : OS\n}' network_bytes_sent : 698 status : GENERIC_ERROR }
1121. 2018-02-23 18:48:46 UTC
1122.  
1123.  
1124. MultiGetFile
1125. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenPKCS7 %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'cryptext.dll,CryptExtOpenPKCS7 %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenPKCS7 %1\'\n pathtype : OS\n}' network_bytes_sent : 704 status : GENERIC_ERROR }
1126. 2018-02-23 18:48:46 UTC
1127.  
1128.  
1129. MultiGetFile
1130. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenPFX %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'cryptext.dll,CryptExtOpenPFX %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'cryptext.dll,CryptExtOpenPFX %1\'\n pathtype : OS\n}' network_bytes_sent : 698 status : GENERIC_ERROR }
1131. 2018-02-23 18:48:46 UTC
1132.  
1133.  
1134. MultiGetFile
1135. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\Program Files\\\\Windows Photo Viewer\\\\PhotoViewer.dll, ImageView_Fullscreen %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\Program Files\\\\\\\\Windows Photo Viewer\\\\\\\\PhotoViewer.dll, ImageView_Fullscreen %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\Program Files\\\\Windows Photo Viewer\\\\PhotoViewer.dll, ImageView_Fullscreen %1\'\n pathtype : OS\n}' network_bytes_sent : 854 status : GENERIC_ERROR }
1136. 2018-02-23 18:48:46 UTC
1137.  
1138.  
1139. MultiGetFile
1140. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\System32\\\\msrating.dll,ClickedOnPRF %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.046875 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\WINDOWS\\\\\\\\System32\\\\\\\\msrating.dll,ClickedOnPRF %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\System32\\\\msrating.dll,ClickedOnPRF %1\'\n pathtype : OS\n}' network_bytes_sent : 764 status : GENERIC_ERROR }
1141. 2018-02-23 18:48:46 UTC
1142.  
1143.  
1144. MultiGetFile
1145. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\System32\\\\msrating.dll,ClickedOnRAT %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.03125 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\WINDOWS\\\\\\\\System32\\\\\\\\msrating.dll,ClickedOnRAT %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\System32\\\\msrating.dll,ClickedOnRAT %1\'\n pathtype : OS\n}' network_bytes_sent : 764 status : GENERIC_ERROR }
1146. 2018-02-23 18:48:47 UTC
1147.  
1148.  
1149. MultiGetFile
1150. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'regedit.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'regedit.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'regedit.exe\'\n pathtype : OS\n}' network_bytes_sent : 638 status : GENERIC_ERROR }
1151. 2018-02-23 18:48:47 UTC
1152.  
1153.  
1154. MultiGetFile
1155. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\Windows\\\\System32\\\\url.dll,TelnetProtocolHandler %l\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.046875 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\url.dll,TelnetProtocolHandler %l\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\Windows\\\\System32\\\\url.dll,TelnetProtocolHandler %l\'\n pathtype : OS\n}' network_bytes_sent : 776 status : GENERIC_ERROR }
1156. 2018-02-23 18:48:47 UTC
1157.  
1158.  
1159. MultiGetFile
1160. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\dsquery.dll,OpenSavedDsQuery %1\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\WINDOWS\\\\\\\\system32\\\\\\\\dsquery.dll,OpenSavedDsQuery %1\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\system32\\\\dsquery.dll,OpenSavedDsQuery %1\'\n pathtype : OS\n}' network_bytes_sent : 773 status : GENERIC_ERROR }
1161. 2018-02-23 18:48:47 UTC
1162.  
1163.  
1164. MultiGetFile
1165. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\System32\\\\ieframe.dll,OpenURL %l\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.015625 user_cpu_time : 0.015625 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'C:\\\\\\\\WINDOWS\\\\\\\\System32\\\\\\\\ieframe.dll,OpenURL %l\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'C:\\\\WINDOWS\\\\System32\\\\ieframe.dll,OpenURL %l\'\n pathtype : OS\n}' network_bytes_sent : 746 status : GENERIC_ERROR }
1166. 2018-02-23 18:48:47 UTC
1167.  
1168.  
1169. MultiGetFile
1170. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'msiexec.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'msiexec.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'msiexec.exe\'\n pathtype : OS\n}' network_bytes_sent : 638 status : GENERIC_ERROR }
1171. 2018-02-23 18:48:47 UTC
1172.  
1173.  
1174. MultiGetFile
1175. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'explorer.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'explorer.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'explorer.exe\'\n pathtype : OS\n}' network_bytes_sent : 641 status : GENERIC_ERROR }
1176. 2018-02-23 18:48:47 UTC
1177.  
1178.  
1179. MultiGetFile
1180. Failed to hash file: message GrrStatus { backtrace : u'Traceback (most recent call last):\n File "site-packages\\grr\\client\\actions.py", line 144, in Execute\n File "site-packages\\grr\\client\\client_actions\\file_fingerprint.py", line 46, in Run\n File "site-packages\\grr\\client\\vfs.py", line 410, in VFSOpen\nIOError: File not found: message PathSpec {\n path : u\'SystemPropertiesPerformance.exe\'\n pathtype : OS\n}\n' cpu_time_used : message CpuSeconds { system_cpu_time : 0.0 user_cpu_time : 0.0 } error_message : u'IOError("File not found: message PathSpec {\\n path : u\'SystemPropertiesPerformance.exe\'\\n pathtype : OS\\n}",): File not found: message PathSpec {\n path : u\'SystemPropertiesPerformance.exe\'\n pathtype : OS\n}' network_bytes_sent : 698 status : GENERIC_ERROR }
1181. 2018-02-23 19:31:19 UTC
1182.  
1183.  
1184. GenericHunt
1185. Hunt stop. Terminating all the started flows.
1186. 2018-02-23 19:31:19 UTC
1187.  
1188.  
1189. GenericHunt
1190. 1 flows terminated.