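Technical Information (host artifacts recorded for the sample: one registry value, file-system paths, and two quoted command lines. The labels that say whether each path was created, modified or deleted are missing from this listing, which is probably why some paths appear twice.)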
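- [HKLM\System\CurrentControlSet\Services\EFS] 'Start' = '00000002' (a service 'Start' value of 2 means automatic start, so the Encrypting File System service is set to load at boot)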
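- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1238866942-1249195528-555854008-1000\c5d0b70cb91a89c5cea03703824ebd15_d4602615-9d50-4880-be41-678935e93eaa
- %APPDATA%\microsoft\systemcertificates\my\certificates\808bd7c1a30780c4c694740e27dd4acfcf605e09
  (the SID, key-container name and certificate thumbprint in these two paths belong to the analysis machine's user profile and will presumably differ on other hosts; for detection, match on the directories rather than on these exact file names)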
- C:\system volume information\efs0.log
- %LOCALAPPDATA%\microsoft\efs0.tmp
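- %LOCALAPPDATA%\microsoft\spoolsvc.exe (not the Windows print spooler, which is spoolsv.exe under <SYSTEM32>; an executable with this look-alike name in a per-user directory is worth alerting on)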
- %LOCALAPPDATA%\microsoft\efs0.tmp
- C:\system volume information\efs0.log
- '%LOCALAPPDATA%\microsoft\spoolsvc.exe'
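- '<SYSTEM32>\efsui.exe' /efs /keybackup (efsui.exe is the built-in Windows EFS user-interface component, and this command line is its key-backup reminder; the entry on its own does not indicate compromise and should be read together with the EFS service change and the files listed above)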