03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9 (SHA256)
03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe
Windows Exe (x86-32)
Created at 2018-03-06 15:43:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: 03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe
896
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\eebsym5\desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe |
| Command Line | "C:\Users\EEBsYm5\Desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe" |
| Initial Working Directory | C:\Users\EEBsYm5\Desktop\ |
| Monitor | Start Time: 00:00:29, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:29, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x994 |
| Parent PID | 0x608 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | CRH2YWU7\EEBsYm5 |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
998
0x
9A0
0x
9A4
0x
9A8
0x
9B4
0x
9B8
0x
9BC
0x
9C8
0x
A5C
0x
A64
0x
A68
0x
A6C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x001effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000001f0000 | 0x001f0000 | 0x001fffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x0020ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0022ffff | Private Memory | - |
|
|
|
- |
| 03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe | 0x00230000 | 0x002a7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| private_0x00000000002b0000 | 0x002b0000 | 0x002bffff | Private Memory | - |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | - |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x002fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000310000 | 0x00310000 | 0x003d7fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x004effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000004f0000 | 0x004f0000 | 0x005f0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0069ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000600000 | 0x00600000 | 0x00601fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000610000 | 0x00610000 | 0x00620fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| mscorrc.dll | 0x00630000 | 0x00691fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000006a0000 | 0x006a0000 | 0x006affff | Private Memory | - |
|
|
|
- |
| private_0x00000000006b0000 | 0x006b0000 | 0x006effff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x00000000006f0000 | 0x006f0000 | 0x012effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| rpcss.dll | 0x012f0000 | 0x0134bfff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000012f0000 | 0x012f0000 | 0x01362fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001370000 | 0x01370000 | 0x01370fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001380000 | 0x01380000 | 0x01386fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000001390000 | 0x01390000 | 0x01391fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000013c0000 | 0x013c0000 | 0x013fffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000001400000 | 0x01400000 | 0x014defff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000014f0000 | 0x014f0000 | 0x0152ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000015d0000 | 0x015d0000 | 0x0160ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x0000000001690000 | 0x01690000 | 0x0178ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000001790000 | 0x01790000 | 0x0378ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x03790000 | 0x0384ffff | Memory Mapped File | Readable, Writable |
|
|
|
- |
| private_0x0000000003860000 | 0x03860000 | 0x0395ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000039b0000 | 0x039b0000 | 0x03aaffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x03ab0000 | 0x03d7efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000003d80000 | 0x03d80000 | 0x03f2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003d80000 | 0x03d80000 | 0x03eaffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003ef0000 | 0x03ef0000 | 0x03f2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003f50000 | 0x03f50000 | 0x0404ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004050000 | 0x04050000 | 0x0504ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000040f0000 | 0x040f0000 | 0x041effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004210000 | 0x04210000 | 0x0430ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004410000 | 0x04410000 | 0x0450ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000046a0000 | 0x046a0000 | 0x0479ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000047b0000 | 0x047b0000 | 0x048affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000005050000 | 0x05050000 | 0x0604ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000006050000 | 0x06050000 | 0x0629ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000062a0000 | 0x062a0000 | 0x0729ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000072a0000 | 0x072a0000 | 0x0829ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000082a0000 | 0x082a0000 | 0x0929ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000092c0000 | 0x092c0000 | 0x093bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000093e0000 | 0x093e0000 | 0x094dffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nlp | 0x094e0000 | 0x097b1fff | Memory Mapped File | Readable |
|
|
|
- |
| system.core.ni.dll | 0x6a7d0000 | 0x6aee5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.windows.forms.dll | 0x6aa50000 | 0x6aee7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.windows.forms.ni.dll | 0x6aef0000 | 0x6bb47fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.drawing.ni.dll | 0x6bb50000 | 0x6bcdcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.ni.dll | 0x6bce0000 | 0x6c68cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorlib.ni.dll | 0x6c690000 | 0x6d8bafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clr.dll | 0x6d8c0000 | 0x6df67fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clrjit.dll | 0x6f9e0000 | 0x6fa5cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcr120_clr0400.dll | 0x70040000 | 0x70134fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoreei.dll | 0x70140000 | 0x701b7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoree.dll | 0x72ee0000 | 0x72f29fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nlssorting.dll | 0x73120000 | 0x73132fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| uxtheme.dll | 0x74d30000 | 0x74d6ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| version.dll | 0x75420000 | 0x75428fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x75740000 | 0x7577afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x759a0000 | 0x759b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| bcrypt.dll | 0x75ad0000 | 0x75ae6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75e20000 | 0x75e2bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrtremote.dll | 0x75ec0000 | 0x75ecdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x75ed0000 | 0x75edafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75f70000 | 0x75fb9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x761d0000 | 0x762a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x762b0000 | 0x762cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x762e0000 | 0x762f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x76300000 | 0x76356fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x765f0000 | 0x765f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x76700000 | 0x7679ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x767a0000 | 0x773e9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x773f0000 | 0x7748cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x77550000 | 0x775f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x77690000 | 0x7771efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x77720000 | 0x777cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x77970000 | 0x77acbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x77ad0000 | 0x77b98fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x77ba0000 | 0x77c6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| psapi.dll | 0x77c70000 | 0x77c74fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x77c80000 | 0x77ccdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| apisetschema.dll | 0x77e80000 | 0x77e80fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77ec0000 | 0x77ffbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\eebsym5\appdata\local\cullinnen.bin | 374.00 KB |
MD5:
3d7c786b09447300cd7c161e92c6c191
SHA1: 6010e79bb77c23870e08febeefa0d26fe7e374e9 SHA256: 476d03edff477a4b93dc05981e506037429943056dafb6ca6b23dd75a6bd8053 |
|
|
Host Behavior
File (728)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Program Files\Microsoft Analysis Services\royal-operating.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Microsoft.NET\participated tn spies.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\svchost.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\DVD Maker\pottery_invision.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\smss.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Microsoft Synchronization Services\shoremadagascar.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\svchost.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
5 | |
| Create | C:\Windows\system32\winlogon.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Windows Media Player\sv swaziland preparation rm.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Microsoft Office\speakers-malaysia.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Internet Explorer\interracial pour.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\csrss.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Microsoft Office\sender.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Common Files\having_yukon_multimedia_fragrance.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Windows Media Player\speakfailing.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Google\amendment-laws-outlined.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\taskhost.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\lsm.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\Explorer.EXE | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Windows Mail\christine interaction.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\lsass.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\taskeng.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\svchost.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\system32\csrss.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\spoolsv.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\services.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Reference Assemblies\argue-decision-vid.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\svchost.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\wininit.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\DVD Maker\kodak_planet_tribune.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\Dwm.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Adobe\store.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\system32\taskhost.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Common Files\pins_maybe.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\MSBuild\visiting.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Windows Journal\embedded.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Windows Mail\firm.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Program Files\Microsoft Synchronization Services\plots_hills_artist_seasonal.exe | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\AppData\Local\Cullinnen.bin | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Get Info | C:\Windows\Microsoft.NET\Framework\v4.0.30319\config\machine.config | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Microsoft Analysis Services\royal-operating.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Microsoft.NET\participated tn spies.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\svchost.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\DVD Maker\pottery_invision.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\smss.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Microsoft Synchronization Services\shoremadagascar.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\svchost.exe | type = file_type |
|
10 | |
| Get Info | C:\Windows\system32\winlogon.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Windows Media Player\sv swaziland preparation rm.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Microsoft Office\speakers-malaysia.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Internet Explorer\interracial pour.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\csrss.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Microsoft Office\sender.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Common Files\having_yukon_multimedia_fragrance.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Windows Media Player\speakfailing.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Google\amendment-laws-outlined.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\taskhost.exe | type = file_type |
|
2 | |
| Get Info | C:\Users\EEBsYm5\Desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\lsm.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\Explorer.EXE | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Windows Mail\christine interaction.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\lsass.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\taskeng.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\svchost.exe | type = file_type |
|
4 | |
| Get Info | C:\Windows\system32\csrss.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\spoolsv.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\services.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Reference Assemblies\argue-decision-vid.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\System32\svchost.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\wininit.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\DVD Maker\kodak_planet_tribune.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\Dwm.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Adobe\store.exe | type = file_type |
|
2 | |
| Get Info | C:\Windows\system32\taskhost.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Common Files\pins_maybe.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\MSBuild\visiting.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Windows Journal\embedded.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Windows Mail\firm.exe | type = file_type |
|
2 | |
| Get Info | C:\Program Files\Microsoft Synchronization Services\plots_hills_artist_seasonal.exe | type = file_type |
|
2 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Cullinnen.bin | type = file_type |
|
2 | |
| Get Info | - | type = file_type |
|
1 | |
| Get Info | - | type = file_type |
|
2 | |
| Read | C:\Program Files\Microsoft Analysis Services\royal-operating.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Microsoft Analysis Services\royal-operating.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Microsoft Analysis Services\royal-operating.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Microsoft.NET\participated tn spies.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Microsoft.NET\participated tn spies.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Microsoft.NET\participated tn spies.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\System32\svchost.exe | size = 4096, size_out = 4096 |
|
5 | |
| Read | C:\Windows\System32\svchost.exe | size = 4096, size_out = 512 |
|
1 | |
| Read | C:\Windows\System32\svchost.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\DVD Maker\pottery_invision.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\DVD Maker\pottery_invision.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\DVD Maker\pottery_invision.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\system32\smss.exe | size = 4096, size_out = 4096 |
|
17 | |
| Read | C:\Windows\system32\smss.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Microsoft Synchronization Services\shoremadagascar.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Microsoft Synchronization Services\shoremadagascar.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Microsoft Synchronization Services\shoremadagascar.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\system32\svchost.exe | size = 4096, size_out = 4096 |
|
25 | |
| Read | C:\Windows\system32\svchost.exe | size = 4096, size_out = 512 |
|
5 | |
| Read | C:\Windows\system32\svchost.exe | size = 4096, size_out = 0 |
|
5 | |
| Read | C:\Windows\system32\winlogon.exe | size = 4096, size_out = 4096 |
|
70 | |
| Read | C:\Windows\system32\winlogon.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Windows Media Player\sv swaziland preparation rm.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Windows Media Player\sv swaziland preparation rm.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Windows Media Player\sv swaziland preparation rm.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Microsoft Office\speakers-malaysia.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Microsoft Office\speakers-malaysia.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Microsoft Office\speakers-malaysia.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Internet Explorer\interracial pour.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Internet Explorer\interracial pour.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Internet Explorer\interracial pour.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\system32\csrss.exe | size = 4096, size_out = 4096 |
|
1 | |
| Read | C:\Windows\system32\csrss.exe | size = 4096, size_out = 2048 |
|
1 | |
| Read | C:\Windows\system32\csrss.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Microsoft Office\sender.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Microsoft Office\sender.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Microsoft Office\sender.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Common Files\having_yukon_multimedia_fragrance.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Common Files\having_yukon_multimedia_fragrance.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Common Files\having_yukon_multimedia_fragrance.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Program Files\Windows Media Player\speakfailing.exe | size = 4096, size_out = 4096 |
|
2 | |
| Read | C:\Users\EEBsYm5\Desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe | size = 4096, size_out = 4096 |
|
112 | |
| Read | C:\Users\EEBsYm5\Desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\system32\lsm.exe | size = 4096, size_out = 4096 |
|
65 | |
| Read | C:\Windows\system32\lsm.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Windows\system32\lsm.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | C:\Windows\Explorer.EXE | size = 4096, size_out = 4096 |
|
68 | |
| Read | C:\Program Files\Microsoft Synchronization Services\plots_hills_artist_seasonal.exe | size = 4096, size_out = 4096 |
|
18 | |
| Read | C:\Program Files\Microsoft Synchronization Services\plots_hills_artist_seasonal.exe | size = 4096, size_out = 1536 |
|
1 | |
| Read | C:\Program Files\Microsoft Synchronization Services\plots_hills_artist_seasonal.exe | size = 4096, size_out = 0 |
|
1 | |
| Write | C:\Users\EEBsYm5\AppData\Local\Cullinnen.bin | size = 382976 |
|
1 |
Process (45)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | "C:\Users\EEBsYm5\AppData\Local\Cullinnen.bin" | os_pid = 0xa4c, creation_flags = CREATE_NO_WINDOW, startup_flags = STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| Open | c:\program files\microsoft analysis services\royal-operating.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft.net\participated tn spies.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\dvd maker\pottery_invision.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\smss.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\shoremadagascar.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\winlogon.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\conhost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\speakers-malaysia.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\internet explorer\interracial pour.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft office\sender.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows media player\speakfailing.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\google\amendment-laws-outlined.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\audiodg.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsm.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\explorer.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\christine interaction.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\lsass.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskeng.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\csrss.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\spoolsv.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\services.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\reference assemblies\argue-decision-vid.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\svchost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\wininit.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\dvd maker\kodak_planet_tribune.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\dwm.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\adobe\store.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\windows\system32\taskhost.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\common files\pins_maybe.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\msbuild\visiting.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows journal\embedded.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\windows mail\firm.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 | |
| Open | c:\program files\microsoft synchronization services\plots_hills_artist_seasonal.exe | desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION |
|
1 |
Module (44)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Filename | - | process_name = c:\program files\microsoft analysis services\royal-operating.exe, file_name_orig = C:\Program Files\Microsoft Analysis Services\royal-operating.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\microsoft.net\participated tn spies.exe, file_name_orig = C:\Program Files\Microsoft.NET\participated tn spies.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\System32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\dvd maker\pottery_invision.exe, file_name_orig = C:\Program Files\DVD Maker\pottery_invision.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\smss.exe, file_name_orig = \SystemRoot\System32\smss.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\microsoft synchronization services\shoremadagascar.exe, file_name_orig = C:\Program Files\Microsoft Synchronization Services\shoremadagascar.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\winlogon.exe, file_name_orig = C:\Windows\system32\winlogon.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\conhost.exe, file_name_orig = C:\Program Files\Windows Media Player\sv swaziland preparation rm.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\microsoft office\speakers-malaysia.exe, file_name_orig = C:\Program Files\Microsoft Office\speakers-malaysia.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\internet explorer\interracial pour.exe, file_name_orig = C:\Program Files\Internet Explorer\interracial pour.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\csrss.exe, file_name_orig = C:\Windows\system32\csrss.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\microsoft office\sender.exe, file_name_orig = C:\Program Files\Microsoft Office\sender.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\taskhost.exe, file_name_orig = C:\Program Files\Common Files\having_yukon_multimedia_fragrance.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\windows media player\speakfailing.exe, file_name_orig = C:\Program Files\Windows Media Player\speakfailing.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\google\amendment-laws-outlined.exe, file_name_orig = C:\Program Files\Google\amendment-laws-outlined.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\taskhost.exe, file_name_orig = C:\Windows\system32\taskhost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\eebsym5\desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe, file_name_orig = C:\Users\EEBsYm5\Desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\lsm.exe, file_name_orig = C:\Windows\system32\lsm.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\explorer.exe, file_name_orig = C:\Windows\Explorer.EXE, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\windows mail\christine interaction.exe, file_name_orig = C:\Program Files\Windows Mail\christine interaction.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\lsass.exe, file_name_orig = C:\Windows\system32\lsass.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\taskeng.exe, file_name_orig = C:\Windows\system32\taskeng.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\csrss.exe, file_name_orig = C:\Windows\system32\csrss.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\spoolsv.exe, file_name_orig = C:\Windows\System32\spoolsv.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\services.exe, file_name_orig = C:\Windows\system32\services.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\reference assemblies\argue-decision-vid.exe, file_name_orig = C:\Program Files\Reference Assemblies\argue-decision-vid.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\system32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\svchost.exe, file_name_orig = C:\Windows\System32\svchost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\wininit.exe, file_name_orig = C:\Windows\system32\wininit.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\dvd maker\kodak_planet_tribune.exe, file_name_orig = C:\Program Files\DVD Maker\kodak_planet_tribune.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\dwm.exe, file_name_orig = C:\Windows\system32\Dwm.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\adobe\store.exe, file_name_orig = C:\Program Files\Adobe\store.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\taskhost.exe, file_name_orig = C:\Windows\system32\taskhost.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\common files\pins_maybe.exe, file_name_orig = C:\Program Files\Common Files\pins_maybe.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\msbuild\visiting.exe, file_name_orig = C:\Program Files\MSBuild\visiting.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\windows journal\embedded.exe, file_name_orig = C:\Program Files\Windows Journal\embedded.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\windows mail\firm.exe, file_name_orig = C:\Program Files\Windows Mail\firm.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files\microsoft synchronization services\plots_hills_artist_seasonal.exe, file_name_orig = C:\Program Files\Microsoft Synchronization Services\plots_hills_artist_seasonal.exe, size = 2048 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (18)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
9 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
2 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
4 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = COR_ENABLE_PROFILING |
|
1 |
Process #2: cullinnen.bin
2222
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\eebsym5\appdata\local\cullinnen.bin |
| Command Line | "C:\Users\EEBsYm5\AppData\Local\Cullinnen.bin" |
| Initial Working Directory | C:\Users\EEBsYm5\Desktop\ |
| Monitor | Start Time: 00:00:43, Reason: Child Process |
| Unmonitor | End Time: 00:02:29, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:46 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa4c |
| Parent PID | 0x994 (c:\users\eebsym5\desktop\03536cb6998e0db1bd4177909590e92694695071a1df19e19d3bf480aaeae4d9.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | CRH2YWU7\EEBsYm5 |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A50
0x
A74
0x
A78
0x
A7C
0x
A80
0x
A84
0x
A88
0x
A8C
0x
A90
0x
A94
0x
A98
0x
A9C
0x
AA0
0x
AAC
0x
AB0
0x
AB4
0x
AB8
0x
ABC
0x
AC0
0x
B44
0x
C60
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000fffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0011ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x0012ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0022ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x00260fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000270000 | 0x00270000 | 0x0027ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x0028ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x0038ffff | Private Memory | Readable, Writable |
|
|
|
- |
| rpcss.dll | 0x00390000 | 0x003ebfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x0039ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x00000000003a0000 | 0x003a0000 | 0x003fdfff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000400000 | 0x00400000 | 0x0040ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000410000 | 0x00410000 | 0x00420fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| mscorrc.dll | 0x00430000 | 0x00491fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000004a0000 | 0x004a0000 | 0x004dffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x00000000004e0000 | 0x004e0000 | 0x0052ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000530000 | 0x00530000 | 0x0053ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x0000000000540000 | 0x00540000 | 0x00540fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x00550fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x0059ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x00000000005a0000 | 0x005a0000 | 0x005affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000005b0000 | 0x005b0000 | 0x00677fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000000680000 | 0x00680000 | 0x00780fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000000790000 | 0x00790000 | 0x0082ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000000790000 | 0x00790000 | 0x007d7fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| rsaenh.dll | 0x007e0000 | 0x0081bfff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000000007e0000 | 0x007e0000 | 0x00823fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000830000 | 0x00830000 | 0x0092ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000930000 | 0x00930000 | 0x0093ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000940000 | 0x00940000 | 0x0094ffff | Private Memory | - |
|
|
|
- |
| pagefile_0x0000000000950000 | 0x00950000 | 0x00950fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000960000 | 0x00960000 | 0x0096ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000970000 | 0x00970000 | 0x009affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000000009b0000 | 0x009b0000 | 0x009dcfff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000a30000 | 0x00a30000 | 0x00b2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000000c20000 | 0x00c20000 | 0x00c5ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| cullinnen.bin | 0x00c70000 | 0x00cd5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| pagefile_0x0000000000ce0000 | 0x00ce0000 | 0x018dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000000018e0000 | 0x018e0000 | 0x038dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003950000 | 0x03950000 | 0x03a4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nls | 0x03a50000 | 0x03d1efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000003d20000 | 0x03d20000 | 0x03e4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003d40000 | 0x03d40000 | 0x03e3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003ea0000 | 0x03ea0000 | 0x03edffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003ee0000 | 0x03ee0000 | 0x03fdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000003fe0000 | 0x03fe0000 | 0x04fdffff | Private Memory | Readable, Writable |
|
|
|
- |
| sortdefault.nlp | 0x03fe0000 | 0x042b1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000000042c0000 | 0x042c0000 | 0x052bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000042c0000 | 0x042c0000 | 0x0449ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000042c0000 | 0x042c0000 | 0x043bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004460000 | 0x04460000 | 0x0449ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000044a0000 | 0x044a0000 | 0x0459ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000045f0000 | 0x045f0000 | 0x046effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004720000 | 0x04720000 | 0x0481ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004820000 | 0x04820000 | 0x0491ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004820000 | 0x04820000 | 0x04caffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004d90000 | 0x04d90000 | 0x04e8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004fe0000 | 0x04fe0000 | 0x05fdffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000004ff0000 | 0x04ff0000 | 0x050effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000051c0000 | 0x051c0000 | 0x052bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000005440000 | 0x05440000 | 0x0553ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000055f0000 | 0x055f0000 | 0x056effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000005fe0000 | 0x05fe0000 | 0x0622ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000006230000 | 0x06230000 | 0x0722ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000007230000 | 0x07230000 | 0x0822ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000000082f0000 | 0x082f0000 | 0x083effff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000008470000 | 0x08470000 | 0x0856ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000008570000 | 0x08570000 | 0x0956ffff | Private Memory | Readable, Writable |
|
|
|
- |
| system.core.ni.dll | 0x69b90000 | 0x6a2a5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.windows.forms.ni.dll | 0x6a2b0000 | 0x6af07fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.xml.ni.dll | 0x6af10000 | 0x6b625fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.ni.dll | 0x6b630000 | 0x6bfdcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscorlib.ni.dll | 0x6bfe0000 | 0x6d20afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clr.dll | 0x6d210000 | 0x6d8b7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.drawing.ni.dll | 0x6dbc0000 | 0x6dd4cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| system.management.ni.dll | 0x6dd50000 | 0x6de6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcr120_clr0400.dll | 0x6de70000 | 0x6df64fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoreei.dll | 0x70140000 | 0x701b7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wmiutils.dll | 0x705e0000 | 0x705f6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemsvc.dll | 0x706b0000 | 0x706befff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemprox.dll | 0x708f0000 | 0x708f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdsapi.dll | 0x70900000 | 0x70917fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| fastprox.dll | 0x70920000 | 0x709b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wbemcomn.dll | 0x709f0000 | 0x70a4bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clrjit.dll | 0x72d40000 | 0x72dbcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mscoree.dll | 0x72ee0000 | 0x72f29fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nlssorting.dll | 0x72f50000 | 0x72f62fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| wminet_utils.dll | 0x73130000 | 0x73139fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| version.dll | 0x75420000 | 0x75428fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x75740000 | 0x7577afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x759a0000 | 0x759b5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| bcrypt.dll | 0x75ad0000 | 0x75ae6fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x75e20000 | 0x75e2bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrtremote.dll | 0x75ec0000 | 0x75ecdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x75f70000 | 0x75fb9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x761d0000 | 0x762a3fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x762b0000 | 0x762cefff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nsi.dll | 0x762d0000 | 0x762d5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x762e0000 | 0x762f8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x76300000 | 0x76356fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| lpk.dll | 0x765f0000 | 0x765f9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x76700000 | 0x7679ffff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x767a0000 | 0x773e9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| usp10.dll | 0x773f0000 | 0x7748cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ws2_32.dll | 0x77510000 | 0x77544fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x77550000 | 0x775f0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clbcatq.dll | 0x77600000 | 0x77682fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x77690000 | 0x7771efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x77720000 | 0x777cbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ole32.dll | 0x77970000 | 0x77acbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x77ad0000 | 0x77b98fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x77ba0000 | 0x77c6bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x77c80000 | 0x77ccdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| apisetschema.dll | 0x77e80000 | 0x77e80fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x77ec0000 | 0x77ffbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007f6f0000 | 0x7f6f0000 | 0x7f7effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007ff4b000 | 0x7ff4b000 | 0x7ff4bfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ff4c000 | 0x7ff4c000 | 0x7ff4cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ff4d000 | 0x7ff4d000 | 0x7ff4dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ff4e000 | 0x7ff4e000 | 0x7ff4efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ff4f000 | 0x7ff4f000 | 0x7ff4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ff50000 | 0x7ff50000 | 0x7ff5ffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| private_0x000000007ff60000 | 0x7ff60000 | 0x7ffaffff | Private Memory | Readable, Writable, Executable |
|
|
|
- |
| pagefile_0x000000007ffb0000 | 0x7ffb0000 | 0x7ffd2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000007ffd3000 | 0x7ffd3000 | 0x7ffd3fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd4000 | 0x7ffd4000 | 0x7ffd4fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd5000 | 0x7ffd5000 | 0x7ffd5fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd6000 | 0x7ffd6000 | 0x7ffd6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd7000 | 0x7ffd7000 | 0x7ffd7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd8000 | 0x7ffd8000 | 0x7ffd8fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffd9000 | 0x7ffd9000 | 0x7ffd9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffda000 | 0x7ffda000 | 0x7ffdafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdb000 | 0x7ffdb000 | 0x7ffdbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdc000 | 0x7ffdc000 | 0x7ffdcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdd000 | 0x7ffdd000 | 0x7ffddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffde000 | 0x7ffde000 | 0x7ffdefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000007ffdf000 | 0x7ffdf000 | 0x7ffdffff | Private Memory | Readable, Writable |
|
|
|
- |
|
For performance reasons, the remaining 8 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\eebsym5\desktop\kkosgh02h8naz5ijv6.avi | 46.37 KB |
MD5:
29ff6639dd762147f1fe24d81ad9f273
SHA1: 1cb1cde9cbee15fe0d316f45ef09d7941cefd7b7 SHA256: 270407a49c24f7e96e5311a353832e7711de5a97b48ad3abe87e0b9780046546 |
|
|
| c:\users\eebsym5\desktop\kkosgh02h8naz5ijv6.avi | 46.41 KB |
MD5:
db5256a0da852f5b1f15baf60187691d
SHA1: 7b4ebb886cd2d6acbe59e9ca1e86bfca65936665 SHA256: 1a38acc076c5f14a4813090f392ce7236fcee97c11b8e964a0c3e765281fb903 |
|
|
| c:\users\eebsym5\desktop\pdjbi.avi | 97.24 KB |
MD5:
a03e2f3691e569c891d946a2add84b6a
SHA1: 37e51ba8318fdcd0376d7e27d87c7c79f2f09ee9 SHA256: 8d77e29e3f8cd1b6190ba0927eb5b22b0fd29c2ff3700270246f3e25c7238e06 |
|
|
| c:\users\eebsym5\desktop\pdjbi.avi | 97.27 KB |
MD5:
7affff3bf183bb2998405576d1f7e530
SHA1: 3a37b2120735a7042d5a182417b3e9ba3912758e SHA256: 97b4508d24d088cc1ad0467b88dfd2bb50c4e3bed126551727f97a2d9a42a4de |
|
|
| c:\users\eebsym5\desktop\qglz_e5 ezjdyen6jycj.avi | 62.75 KB |
MD5:
e86c3838ce545a9fd9a9f17310784bae
SHA1: 7e9bbf9d4b3f68e94ad2d2e5295e835735d1d290 SHA256: a320622513b9e0e0b4df16386508870eb5d1bde7f5164a4e2d67a5963c34a607 |
|
|
| c:\users\eebsym5\desktop\qglz_e5 ezjdyen6jycj.avi | 62.78 KB |
MD5:
c76130c54482457a99b89d3223b27742
SHA1: c9bfbe473001a176a91f1e7caabfe707efb18e03 SHA256: 92f3ead5a5e5b512413a70717bfb082ba530129057f946167c4e7c94b5b35755 |
|
|
| c:\users\eebsym5\desktop\r6z9tun.avi | 61.33 KB |
MD5:
0f597a78e5319787a236c7b10cfbc0a1
SHA1: 417e455ce0f42bf65b8191a34f0b98b9ebdf0c99 SHA256: d9bdfca2f35a77b48ea08fb4633d430da85497411fc0fc3b43e1fde748eb9636 |
|
|
| c:\users\eebsym5\desktop\r6z9tun.avi | 61.37 KB |
MD5:
e756fdf17c2013b3fd716038d8851c67
SHA1: 8816e0a130c92765b1ce8f2824cafea0020e6f71 SHA256: 776d124e59456ded5d9ac55c23d6067abd5d7d581b5d2eb894792f9f944b2f38 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4tglwueu6\gembbw0qq91qpuvyj4q.avi | 64.19 KB |
MD5:
f35bf3f1a370f9361eb8d4f8f74f9b2f
SHA1: 838bbd025fef073fde045bbd50267b97da0bc244 SHA256: 8fafbf0c323c022a97e3640134de980e49e0ac324ce4c2a9dc139173eec02b0d |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4tglwueu6\gembbw0qq91qpuvyj4q.avi | 64.22 KB |
MD5:
5b3a10ae0dc5e55148646ed9926395da
SHA1: 19d7262a369dbc8126b37f8345a2979bf61f2feb SHA256: 44f5fe4dc003e0d898e66ac96b5368de171bfdf3c6a8956b8af87a184589bb54 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4tglwueu6\pzwzlhr75pe32famb-ao.avi | 73.07 KB |
MD5:
552bd6b17bd5d2e2a92cfcacbff9d4a7
SHA1: f3e2f90de337887f5bd6d3d44fa2188d7e6c7d9b SHA256: 1cc8b5c4dd0009829af898e3b9014347a286fce2c7cbb224bb9b03e151587595 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4tglwueu6\pzwzlhr75pe32famb-ao.avi | 73.11 KB |
MD5:
59e3b829234c15a5d5f5ca096176d5b4
SHA1: df297cfb7df4e59f76d0834f63071c61d01be6f2 SHA256: d5dfd65101458a035a5f79a5b34b89b8fded73803bfcdac02e449219d32a041c |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\uihkjcwgw2gwj_urk\pg7prli ub-3e-iq_wfo\1nwexbwqs.avi | 98.26 KB |
MD5:
4dfad138297039c1603276e0917dc7a5
SHA1: f93fd9f6b83291f6ebf61296c8e7d5d504ec3c93 SHA256: a3b54a9fab8aff42ae97a61b82baa13e16a61d458bfbf8a1d15cac7ec4985f34 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\uihkjcwgw2gwj_urk\pg7prli ub-3e-iq_wfo\1nwexbwqs.avi | 98.29 KB |
MD5:
06e8304c030e42c6c0aa8d37b767ada0
SHA1: ecb585241562be51d8469298dedaca15401820fe SHA256: 807a9f1223d6f30f06f30444f436d83bfd41b51ad98c111e4459fac8d38f0ac8 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\uihkjcwgw2gwj_urk\5fc-f1.avi | 85.63 KB |
MD5:
e78c0b75510f186e0ec7dee4ec33e46a
SHA1: e4b4a810ad387e23b914cd5be6839d33724b5ac9 SHA256: 978a0ceee7baa1340da5d0ac7d4af0d0192c68576dae10c3da6ac496aa241a5c |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\uihkjcwgw2gwj_urk\5fc-f1.avi | 85.66 KB |
MD5:
577412cbd7ebf777c4810cb64b4cc3ec
SHA1: e6070e8ddf4b5dd633a769b1c02ea5ecc98a0181 SHA256: 7b72072e3e38d3b4d7af59181b6bb0e34ad76aa483a689ea671279f18df34e67 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\2s2w7p9bwyu2re0s.avi | 80.61 KB |
MD5:
f45d195e482f1ec1592e48f4ff7fac75
SHA1: 1d2129d74aef2c9cb32567c4bf1e5ff5cdfe1416 SHA256: 168e3007f5ed7033e10346940af277447aa969748b876d14d24f4c9ed5cb2729 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\2s2w7p9bwyu2re0s.avi | 80.65 KB |
MD5:
e779a898ef239c35ec6633b51aba544d
SHA1: 386d3fa75ed50db4e2b5978eaf3f0ed3b974af73 SHA256: 5d9aeec8d9ba1b15fd1cdcb9960c5c7a0b4d286408cc1ea5a5421548ead37c2e |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4ajqqwj0ey-eqczcpmsx.avi | 34.28 KB |
MD5:
7ab281f0d01855e1d7e15d0cf011aa15
SHA1: 1335ebb7d07443f975d5953f7e40d9bbed119ced SHA256: e51cd98c9b3e1bb912f463ccb58a4a84c16cb11fa9ce58aac54477d0e2d8ba89 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4ajqqwj0ey-eqczcpmsx.avi | 34.32 KB |
MD5:
d5077d98b5787e590c39544713e085af
SHA1: 5e65218c914b78f5dcbdf4187589009e99e418ea SHA256: 86fbf386abd7dbb9e61ac00ecc007456abab36f8c7ef4f8baaee2f315010a78d |
|
|
| c:\users\eebsym5\desktop\5v08njejltupj3nb2.doc | 4.60 KB |
MD5:
37b27eead5c8910773478b8570dcbca5
SHA1: d242e9c6bbe625385b4947d17ff7deb8c5cd275b SHA256: 7bf8c9e18020ae2d47b618c2a2053f4c8b7890936036b5fb1bf2d1f9df342f6d |
|
|
| c:\users\eebsym5\desktop\5v08njejltupj3nb2.doc | 4.63 KB |
MD5:
5e9306a0bb99a879b7187b35a8158ad8
SHA1: a04a0cb61c584e0cf7ef983816a2eabd83bd399f SHA256: f3ddbe1409db4ce72a5a23f3794474ec358c7732aedc58f91423d1a0ffd607ed |
|
|
| c:\users\eebsym5\documents\53lljaaw9oscw.docx | 50.43 KB |
MD5:
2e5a7f1b07893ae4109d837fd62636b5
SHA1: eb7031aceadb7a46e959b92e9f1de8df0dd83531 SHA256: 64e564a92712b0059fbc73290a8765031f99f0afc648925b334af72d8c731fe1 |
|
|
| c:\users\eebsym5\documents\53lljaaw9oscw.docx | 50.46 KB |
MD5:
9fa4d278e55187ea2c5aa70b75986f9c
SHA1: 27e8a019d70b2d9dc038daf9591322a64efcbc8b SHA256: 6e268db5b5f1f853c850067015f1c8b1f689676ac209ec50c2bbf91df4d9a291 |
|
|
| c:\users\eebsym5\documents\8ivd 2vsws1im_tym.doc | 95.22 KB |
MD5:
ea6df77962c06281921dda04e895e4e4
SHA1: 2cca8cf083402cc3363b144d4db2850329581f14 SHA256: 971818570f998e2e2ba11e9e91c40df843792dafa746ebac4e3f7dc40461a2ce |
|
|
| c:\users\eebsym5\documents\8ivd 2vsws1im_tym.doc | 95.26 KB |
MD5:
8aff91ad1c49eece815175f1a5725eb5
SHA1: e25663a85d9a174eade94cc2eba0d35a18c0536a SHA256: 98570aa59d049b835e4e265a0e284afb251bae07580d05fe5827ea69c9f00366 |
|
|
| c:\users\eebsym5\documents\jfzga.docx | 13.38 KB |
MD5:
a86fc5a4103608139c591f1ead7009b9
SHA1: 2bb9dd7443b596321867ba9c58f3661ff649e4e8 SHA256: 9df8d98722f41022b36d93b95e759e28c32c9e97fd8eb71dc46e89daf0a69e99 |
|
|
| c:\users\eebsym5\documents\jfzga.docx | 13.42 KB |
MD5:
8879cd190f69e06e0fb53dc697357048
SHA1: 0926eae64ffd2b70bb1e3f046864e63c2a5152dd SHA256: 9a07080b27c1350f31d4c8a3d46131215941c9b5142b2381c55d4318d3453a35 |
|
|
| c:\users\eebsym5\documents\k4grjxdu4no58n cq.docx | 43.96 KB |
MD5:
c68feaf1e9ea80470ee292009e0f6135
SHA1: 63c1dd8dd02d1cf072c435f93930c29c2b8ce000 SHA256: e22f4c947523c8b5040bdef2a7c4242ede6e161c78f5e5386033e4947fad5416 |
|
|
| c:\users\eebsym5\documents\k4grjxdu4no58n cq.docx | 44.00 KB |
MD5:
32c938b95d8f013d000f570c650ad6d9
SHA1: 8bcfffefdff14e0cf47e8d53b98d08d31b30d1a2 SHA256: bcbb7abe20670a8d14be046daa89f1cb5f3196645fa8b3f2601a89a7e59edfc0 |
|
|
| c:\users\eebsym5\documents\nehnoz.docx | 79.17 KB |
MD5:
6cb355c6e84e03446fab2d0f3b7fc133
SHA1: 28775821d26a13e137132e15573f86b4dc29d729 SHA256: 24dce52cd269d93fe371ee9fb70d68795ce0c798a3b9f4abb3951605ef461bb6 |
|
|
| c:\users\eebsym5\documents\nehnoz.docx | 79.20 KB |
MD5:
a3209ebbfaa350b717346f9d821bae30
SHA1: ed9b5594eccb5459a95179b75d8bec2726e13dbd SHA256: 273243cfcc9e99a03d55b38043de13086a0400228410fa25e0bf174418036baf |
|
|
| c:\users\eebsym5\documents\umpvhuqr_.docx | 81.27 KB |
MD5:
6929f85187bf4eb711c88ae7fea25450
SHA1: aaf39aea27f927523f1710256b923d2f6362148d SHA256: b8a031b275c7a23fa958b49b7e76a2c0c24c68a57a65ce51f275d8b0a3799ec0 |
|
|
| c:\users\eebsym5\documents\umpvhuqr_.docx | 81.31 KB |
MD5:
77a8b52236e416cc54d2de02e561c31a
SHA1: 819629273605d11755db74462234d5c2ee26d3af SHA256: ee8837d44633af6cbf667af55a2f973f5c4b0ca6eae234c6366f5011f8d49949 |
|
|
| c:\users\eebsym5\documents\z1ffd.docx | 40.06 KB |
MD5:
73513dcb562c21c4158859b0adcd5e3d
SHA1: d681ca627fb6e7f3edabda2818e1ec9577a00132 SHA256: cb13adc578a2eecaf98b8af1c50f8d1deffff2b3dcf17a891c6355ff112f555f |
|
|
| c:\users\eebsym5\documents\z1ffd.docx | 40.09 KB |
MD5:
d9a5b3954946321582dc5f01cd61ff73
SHA1: fbe6796a33ed5ee67ef42e0754ac5b887058c357 SHA256: 2ce8a557eb50687ea4ca42e51b7315a1ef5974b95906ea08d066b1b7c6a05897 |
|
|
| c:\users\eebsym5\documents\_yaffgxctgsm.doc | 48.11 KB |
MD5:
ae69c49e352e0eac8d5c3726cefb4f73
SHA1: 7e092e0ed26106b5949c8e2cd79490b152416c52 SHA256: 9d904b75077a8b3aae0effab8227f5e657a07479b04ae33a1e384bb09f32a81c |
|
|
| c:\users\eebsym5\documents\_yaffgxctgsm.doc | 48.14 KB |
MD5:
7d7348c7e9d026ed99fa7b7a40549775
SHA1: 57a016e51d7195311b96318b166eaa04bb77baac SHA256: 497677910e9ad3ad7bcb1327c3e1ed7129afa7c3922080452e59a9e352e20935 |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\4bwppoqsbnbow.flv | 88.59 KB |
MD5:
45880c5549fd8c92e27b61665d4389d6
SHA1: 9e7d4d0501d7e65e1b7423449f06e2805ec479b3 SHA256: 736ac9367c8c0878ba12c66b44c565b52dffdab19dc2956564735e58320a36ce |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\4bwppoqsbnbow.flv | 88.62 KB |
MD5:
db91c0c9931699ca54893885f49105ab
SHA1: 047364bb1284ec7acd11df3fe04be92daac48b55 SHA256: 1f140bc7d17ad0c980f47cb1894dacac2fb3365b05edff17c6973b4d38d562bd |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\bro8fi.flv | 81.00 KB |
MD5:
c82452b550072676f4159275df25b617
SHA1: 9b4f6109ced88dcdd7ddd7e3852872e8af8f47e8 SHA256: 93568ed1bc6404ced019e4c48a05f866a854299dc89ea641ef0dc0f720fbd384 |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\bro8fi.flv | 81.03 KB |
MD5:
1aa138fb78a836e7b5141d2d15b8fe93
SHA1: be1f93f4cac23aa60fb51d8ded4ba111fa55d18f SHA256: 15270a97602a30e920a42801a2bc32dd545ffcadfabc0ffb160d60800d93c727 |
|
|
| c:\users\eebsym5\desktop\3t m9pfn1dzwfk db.flv | 86.74 KB |
MD5:
c27c3e2b11ffdcef577207116b356466
SHA1: 321e8b61c8e6fe8ff08d2129b06deba50123868e SHA256: af54ecf115b441be8a3df757a317e2dcf4338969c884a7db13d0328a9f0186b1 |
|
|
| c:\users\eebsym5\desktop\3t m9pfn1dzwfk db.flv | 86.77 KB |
MD5:
2df92f262a4c0a8e4799c1f6e342d8c6
SHA1: 0a395f6e3d14c8439b347af9753e840f5bca6088 SHA256: 2003f3d322c6278f45866b9c88d3a6a0e38426503e769c3c42555c2d2202e959 |
|
|
| c:\users\eebsym5\desktop\lph_hxcfwynzujlm3h.flv | 88.15 KB |
MD5:
cb8fa1b876b461914df0b8dc09085888
SHA1: 7457923c2ce55e0ed9f36c6feeba2b7801457365 SHA256: ec751eb785b24c2150d845fdfb2421e8e4f2adce058dba304a3fb67a9380cf68 |
|
|
| c:\users\eebsym5\desktop\lph_hxcfwynzujlm3h.flv | 88.18 KB |
MD5:
09af10b8e6f596ee286e688a32a7e4be
SHA1: 81e349b1abf906154a2ba0447a73b90125dbb43b SHA256: 94fc0e549c33d53d2e2066544d0832122afce086823635452493eb3700291ccf |
|
|
| c:\users\eebsym5\videos\putxl4yb\tf0d.flv | 36.93 KB |
MD5:
a04dc21034ae08048279c3237b8c1152
SHA1: dbd07620f479cdcc31e5dfc3e6fcf1e68b5a2960 SHA256: b1d43d08b7462777bd845b920d7c52de8a1c75646a298e11d42643e28c74ecb5 |
|
|
| c:\users\eebsym5\videos\putxl4yb\tf0d.flv | 36.97 KB |
MD5:
ffa5cb922bb6fdb1b0e215db3be0fb19
SHA1: 4d65719de9b06628c0a00bd84c1455692c3f7f1e SHA256: 99eb1a22cdc2fbad77a2656a54e56f757f5d9802fa724d548c57ed2ab748c109 |
|
|
| c:\users\eebsym5\videos\putxl4yb\vlunv1qaa.flv | 25.31 KB |
MD5:
243c46ba47737363d56d245decccf8b3
SHA1: e9bcc5fdbbde68c7f6c504a5eb2c1bd141bbff5b SHA256: f14da38ea243abfb94264b3fd9d763ea78fe166145197057bc04f408a133380b |
|
|
| c:\users\eebsym5\videos\putxl4yb\vlunv1qaa.flv | 25.34 KB |
MD5:
25ec50cb20559b3da54cb47884622858
SHA1: 1654675df5961d5d546383896a701fbef988163f SHA256: 9693a4e9fa7ac270a310d16fdda05dea8225f208ea460b46fa347940243aa7e9 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4tglwueu6\sddao.flv | 76.41 KB |
MD5:
56e5bfed3c2ef548396683fc275f079b
SHA1: f0e320754703833f7fc6ca8d823849c993d9b520 SHA256: 1155209d0296a26eebcc48c99e4192d4f078e635fa7723589bc2e9b553cb9dc4 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4tglwueu6\sddao.flv | 76.45 KB |
MD5:
9f9dc267c3f093b1547ad13c6fd63906
SHA1: ce007df48e146af4f13c6263f3de2fa1f111b750 SHA256: 453210401212528732d71e50a8b55fe6d5e891b4b658e7a27e9e4353b6805395 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4tglwueu6\yugv2kkmkul4t.flv | 45.68 KB |
MD5:
8f3bbbf3a0bf9dbd5bb8156b99a8b15f
SHA1: 956debdfb79c1477cf6fd31ae4b480702ae68243 SHA256: 67274ccdaf390b08f4a350917f1284ab644a3d84d379540a50b11dc6abd849bf |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\4tglwueu6\yugv2kkmkul4t.flv | 45.72 KB |
MD5:
c82d9b287705980146941788fced2a74
SHA1: 0922dd01ec07883ea9ed4327d88d41ab3d03ea7a SHA256: 642aa16efd32553256f100d15e7919c167ce9d766d2ca10ee742f49ff471ea50 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\uihkjcwgw2gwj_urk\pg7prli ub-3e-iq_wfo\phijn6hkkb76wi.flv | 96.69 KB |
MD5:
b96695f652d7d0b4047ec07c71fb9a4e
SHA1: 64bdc34a5b586c7afaa55519aaea9885adddd807 SHA256: c41089c18c0426a0049a39c7c58919e1680a44d03d3db80b09457ef4fc852477 |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\uihkjcwgw2gwj_urk\pg7prli ub-3e-iq_wfo\phijn6hkkb76wi.flv | 96.73 KB |
MD5:
f24ff266ee37b8dd89f78e1c5f938539
SHA1: f6d35df1407942b3f89a9e42a2166c9386d342d7 SHA256: e72df7b5e6029a1f1b93d7701631ceecadac9f7eceaccfb1609aa57ec09a9c4d |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\uihkjcwgw2gwj_urk\pg7prli ub-3e-iq_wfo\yhlro.flv | 63.99 KB |
MD5:
b45136d81266ca26d5d608d822466241
SHA1: 57c6ba0d8cb45ddf1ea09be18f7367c147947024 SHA256: a8818c9ec08c44061568317ce6db75cd7872fe0934093a7a9087cdbefddedb4a |
|
|
| c:\users\eebsym5\videos\wzau4jraavfldpkh4\uihkjcwgw2gwj_urk\pg7prli ub-3e-iq_wfo\yhlro.flv | 64.02 KB |
MD5:
9b5ba8e97656dbf98d7fdf4992742d5c
SHA1: 19b553d75a2c76d6022c445ed42c084bba228f0c SHA256: 8ce9ca29ed370ffbf0375d3362f1c01a7d07b36b0566681a564b8536833da883 |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\caexrc5efm0noc.jpg | 52.97 KB |
MD5:
4cb276501a8cfcf7a5bd44358f09ed41
SHA1: 4afbe03959c5dfea135b6df88bffdc8198fd24f2 SHA256: fb244e8c4a07e3981c7b37fb478a597dbb49c30f69805c47872ea2115b402d81 |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\caexrc5efm0noc.jpg | 53.01 KB |
MD5:
6090aa022138e1acdc214f6976875599
SHA1: ab4964d2fd5df6646e71d5b032a1bb7904a75a69 SHA256: 474cc4129f4ec9a25a2c03b4dfe609e91fc6b8d0e334b90a32e3cc05e42d4210 |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\oumikifzqebslzg7.jpg | 21.45 KB |
MD5:
eb58060c599c6405764ff304d1c610bb
SHA1: 7f1a3cdd4238d0bafa2e9b9fa71ea3d2d28863c3 SHA256: 4b13465a53d91011e4ef30f2af293fffcf6d288c4cc1df1f32660b59c8f5bb61 |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\oumikifzqebslzg7.jpg | 21.48 KB |
MD5:
3a2ff95718423839d8e97b5db76fa3a9
SHA1: fc23e9f1439424ea08291f051dbff55d6d9a43a2 SHA256: 7ef2ee1022cf682ed40286b983aa2c6a9922cc81cb340bada053589b8e554150 |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\ubej8mebi.jpg | 87.29 KB |
MD5:
cad6cefeb45d3e1b7790be17eaa5f337
SHA1: 67bce48a89f9f7d8f195a1326e96ac0094143df9 SHA256: 2687ac21bb258b4e8f5fda9ffac09ab04cf254d0c92ae8b1012933566844c1d1 |
|
|
| c:\users\eebsym5\desktop\n0vknexok_pgffq7dmq\ubej8mebi.jpg | 87.32 KB |
MD5:
6f918d18a1cd8cf75ad34ba3de27715a
SHA1: 8eed26d9063ee93500fc14bcb30bb24d09b63e7e SHA256: cbc9feaae539e2a6f2bc0500297ec51f19ae079a8da9a56cddf237823150aeab |
|
|
| c:\users\eebsym5\desktop\v9es5badzyydt9zd.jpg | 94.32 KB |
MD5:
823d0608e7848ef780af86b001167ee3
SHA1: 17b9c6f357e4b4268db146815dae67245d87db08 SHA256: 48a7083fe46ccc2354252d51915f627df258e656b34bb9a85535f118eeeb3311 |
|
|
| c:\users\eebsym5\desktop\v9es5badzyydt9zd.jpg | 94.35 KB |
MD5:
3af8189043fe72a9fe95da9e4c732924
SHA1: 589a90e75fb651ade7a9f6c7025d6e7b0562f69b SHA256: 0103f8fe809cc0d47a7fd2bb69e0ef871310da18485087837e7454a79639e1d4 |
|
|
| c:\users\eebsym5\desktop\yel-z1obctzku.jpg | 20.00 KB |
MD5:
e49cbe4e22e85a300b5f385ed33e9607
SHA1: 6c7effd9502e224ffcb455f72f6b1864438b6056 SHA256: df2c00c2affbefe1d3ee2fdc594cdece23ea358701b61467e21cf546aa45085b |
|
|
| c:\users\eebsym5\desktop\yel-z1obctzku.jpg | 20.03 KB |
MD5:
7262dc14cf820b913dd1d11c50af12a9
SHA1: 0ef2d74185be8c32fcf03f97792556736ab10e29 SHA256: 906a42237d6bb39296c20093b8f657888090324b5f85ef597530d81f0e3e48a5 |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\-xomdlrvp.jpg | 86.80 KB |
MD5:
c5b5455b996082127d9caf1def834a5f
SHA1: 634205ff2c4f7273b3f581ead84bfd93225ea947 SHA256: d6daa31bf1d72fa9d3c4b919b0e9845ab911da6965b61a41e1a3a77ca1f9308a |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\-xomdlrvp.jpg | 86.83 KB |
MD5:
c4c33a66264b6559fdcc73f91844131f
SHA1: 74bd98af60e7831de6bf54391b403b6583f4ad4a SHA256: 3c2acf301afdf7dd323ccd2850d8cee76ff87a224b5f01fd8093c84ddb6ad246 |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\0_el-h_jipqaeyfgbf-h.jpg | 9.18 KB |
MD5:
850792ed3f4f9a7b5ff1d2efd75f647d
SHA1: d0f9478af8661eda65c711adc79b56b372384e44 SHA256: d0ed277be05fbe1afcbb851c9351a40dcad7efcbb86c162be3fe0af30d0db369 |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\0_el-h_jipqaeyfgbf-h.jpg | 9.21 KB |
MD5:
0b78eb46c03ed9decbc7aa117a3a9aad
SHA1: 291a520bd8c25ab3e4e392a19237f3b4e2972919 SHA256: 2bf4a4ae39365803985373625941e4531d8ae33dbfd7b33cea627545e75f3271 |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\7hga9vw.jpg | 50.45 KB |
MD5:
2207c53c8fa68c01586b20bbb644c5f1
SHA1: 7e295278376b8bda3f59354ee4239dabe7f55a15 SHA256: 3e3a9516f58535a70e5668008ee875c6e73e74d0c1a85b28bd6fa0a4320438fa |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\7hga9vw.jpg | 50.48 KB |
MD5:
ee2c1ba054a1dfe97c0eaa16fadd2d9a
SHA1: 057358a76d12b0a53b20e35621f91bfece5e4b4a SHA256: e70254c470f7a271d13543173900b143cefe4fa2690ffb792ca4912dc621009b |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\bkjq.jpg | 6.07 KB |
MD5:
302956b4b36cdf5b0a10c715bd4186aa
SHA1: b2ab029338dc1d21d41143418434294a411794cf SHA256: 3f47364c23136536b2c3b5c1edc09c84a43906e2d78bfe51c55ebd42b43772d6 |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\bkjq.jpg | 6.10 KB |
MD5:
46ac19dd648b56f16188d4a325eea863
SHA1: 0609353960d4363f8d94f4d559080e4f07533828 SHA256: caff1f3aec1a04b3bced0fd10150909f6d969a52a63351dd1cc2591675ff1dce |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\q5_cipvsy.jpg | 3.91 KB |
MD5:
6a26b5d5fbf22b32c7bfc70559043a81
SHA1: d8909d263787690ce5119b1024cb92df67d3fc15 SHA256: cda212f8eab86e3d49ec07b25227f3e609921b4d59883116820e0f9d03ecb1b4 |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\q5_cipvsy.jpg | 3.95 KB |
MD5:
5174c9f701256cd4ba48117f40d76cb6
SHA1: df3131008ddb04476f78fa185e58ca56f8825312 SHA256: 0b80a0c311bb30ecee84a73e6ed67744e7de62024d6183984218af2cc0e49d68 |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\yu-didn36vx-dmmka.jpg | 25.47 KB |
MD5:
1de237032f1571543ff839d62300dc28
SHA1: a91943151dfb6b7f08e0a4a1a12f23a29c5875c6 SHA256: 516f3b7ad286b921932e92440f67e3d3badd2f8705c70939a316a9998eb6ca8c |
|
|
| c:\users\eebsym5\pictures\k7njquvxo4ehj\yu-didn36vx-dmmka.jpg | 25.51 KB |
MD5:
db5ff2cae838d4d49ac93befc1a3fb02
SHA1: af957ab89e6f7b6a52bb767bcd54bc097eab7d7b SHA256: ad7ea9a84b128171ced7fb8fbbaa8e2662fed54235820472f818eedee196575c |
|
|
| c:\users\eebsym5\pictures\f_gzcnldm.jpg | 67.38 KB |
MD5:
113327a9873e58c842c529dad443ae88
SHA1: bd232999d54f6b994de003526bb31803248cbf37 SHA256: 2fdd78cb5b0c766e0dfe2022ac4e2a86e34deafb6eb268bdca57f119e681550b |
|
|
| c:\users\eebsym5\pictures\f_gzcnldm.jpg | 67.42 KB |
MD5:
140778b02898e2e61dd4cdb623058da0
SHA1: 3a884cdca198128c4ad8d19fe6d377a1c978ad77 SHA256: 5cf74f6990b1e63b7d634b29ee5bbf27bc9d7546ef4e1b48d19ec73f8d7cc929 |
|
|
| c:\users\eebsym5\pictures\srjgzsodtp4sua.jpg | 75.13 KB |
MD5:
423e25da226c745d217412e3c2e449a0
SHA1: 5f33a69794723da3825c9edc96f9bd898e7eb8e4 SHA256: 2fa7371c4a6c19704ecc4019fec7d286cdf53efd4557f2473af2c75cac715705 |
|
|
| c:\users\eebsym5\pictures\srjgzsodtp4sua.jpg | 75.17 KB |
MD5:
369da1930c428b107a5b776dfe41dd07
SHA1: 0fe072037451e8a9e4e685ea76fddeef337ea696 SHA256: 1ee7470be3e87725e78542bd098cdf8e044bdc3b859ea172fe83f04bbf9ade87 |
|
|
| c:\users\eebsym5\pictures\wh8oj.jpg | 93.13 KB |
MD5:
cd439f83ae33cea306d5091a36a3ad7e
SHA1: ecc0da24a38345475e532fb59486acb735f4153b SHA256: 770e2f98d5c25d55e31d683281c8cdc0263c0c152b02433c7d6953698a67243f |
|
|
| c:\users\eebsym5\pictures\wh8oj.jpg | 93.17 KB |
MD5:
83a1891775be419a3d34a7bde18de394
SHA1: 7e8f95355823b338ce00e78525693e98e22653b4 SHA256: f526a786fef6cdf8987e2b6a4b86c3872c00c1141ab26513476ec9e951920c2f |
|
|
| c:\users\public\pictures\sample pictures\chrysanthemum.jpg | 858.78 KB |
MD5:
f98175077393cb6484e8b4c0f9151d1b
SHA1: f2e848242059c6f6dfae67dd6b183ce0f1b24574 SHA256: e30d9f69a0c5c9a8c8e0c6858d8bce85f8fc7350b74048b7d92aa947ae4d5139 |
|
|
| c:\users\public\pictures\sample pictures\chrysanthemum.jpg | 858.82 KB |
MD5:
8e2e44911281c5f3b7bfb356478686e7
SHA1: 682e19fc2c25352ac2e2c2e56f3e0dd90c83a83e SHA256: be56e2f6baec895fb77cbcfaf8d2e9784e1afaea668982b7171fb1ab3f963864 |
|
|
| c:\users\public\pictures\sample pictures\desert.jpg | 826.11 KB |
MD5:
1172d626b0718212daec648ca0d1d22b
SHA1: df8427b8071d7f35ed5dc0664581885dc7071a24 SHA256: 9808eda7c25c066d464786f89e4bf670f8da1d1e2656d477a3bd22ba18d1be25 |
|
|
| c:\users\public\pictures\sample pictures\desert.jpg | 826.15 KB |
MD5:
3aeffe3ab19f5dc508a6c6314484fdd1
SHA1: a51cf1e6783a084512ae4089f7946d92a74df4bf SHA256: d8971b3b57a79aca8091a40b4ab3ef9d991e8d627eb9ad3ee08ff1727ea4b49e |
|
|
| c:\users\public\pictures\sample pictures\hydrangeas.jpg | 581.33 KB |
MD5:
fbe5ac79a40f2f8a3e672d3b9f30ab6d
SHA1: 7c49f45eba57af0930e2b63146bd4b60622c9597 SHA256: e058bf370dfd1567e739b20fb2ba84e59b30fa7b264294ee6ddbdec9252c5000 |
|
|
| c:\users\public\pictures\sample pictures\hydrangeas.jpg | 581.37 KB |
MD5:
8f453972e2f1db1c6d24f123afeaee76
SHA1: 816c544e3c15f8f37cccf4417256c2a68eff0135 SHA256: 3c01535f89f87a9468f6afc119f4e3330ef5c45d426c2ca09c732e08f4764bf0 |
|
|
| c:\users\public\pictures\sample pictures\jellyfish.jpg | 757.52 KB |
MD5:
c61001a1f19d7a73a8fa50f8426bc41d
SHA1: afe45731867376920fe1a744d0782af8ce4baad4 SHA256: edf7c1e7f4057d958eff9832fc6f865a8eac9503f44ff873120e5a1f5b658b9d |
|
|
| c:\users\public\pictures\sample pictures\jellyfish.jpg | 757.56 KB |
MD5:
1a24e910c488df5c9723ba4adf0e4d53
SHA1: 04ba92c26522a38d1b1b312a335e0a12b03e56d4 SHA256: b4c17eb38fd5fb62d1acf85039bd1c4515513f40032f961228780fc31307791f |
|
|
| c:\users\public\pictures\sample pictures\koala.jpg | 762.53 KB |
MD5:
9546cce950072aeeacd3e4e5a91d9c52
SHA1: 8ca26dc8e2d291de9dacd90d1267b196b299aed6 SHA256: 2cb81a04d610d5196f4bc19b44854c5d64b949def04043580ee1b2c67d614aba |
|
|
| c:\users\public\pictures\sample pictures\koala.jpg | 762.57 KB |
MD5:
72ec45e5abed0260f78c6b548f764097
SHA1: 9c51a5e548bd7cdb3bee8e72db35f831cfa63367 SHA256: d746d9daaefb12e4bceac2d779f8a32545906610e709fdcccbfffd133503438f |
|
|
| c:\users\public\pictures\sample pictures\lighthouse.jpg | 548.12 KB |
MD5:
8c869575dfb84e42b40c487a04d525e8
SHA1: 6d9176b33ed014aee04e412632ff7ad35103c29d SHA256: 438a5d0e50e68e47b3e3f8158c73b219255c3774fab01916f6a772c0c755d81d |
|
|
| c:\users\public\pictures\sample pictures\lighthouse.jpg | 548.16 KB |
MD5:
ad50673d468377054b82d36f21addbf4
SHA1: 57f4a40e82bf53756e41cd072c2b86ca48ba1f8f SHA256: 4610e0c46e996423d23abfa99641e65df0b3ca486177e5008009774eed0155bf |
|
|
| c:\users\public\pictures\sample pictures\penguins.jpg | 759.60 KB |
MD5:
15c83ae4319f6effd116a430ce0737f0
SHA1: 85dabe19bf56f74a2968adae5c0ce4ccfa3d1a0d SHA256: 58e487b3ed5ee0fc8d3dc4c89d2e0990b5568276ddff5a457944202b1ef0bfaf |
|
|
| c:\users\public\pictures\sample pictures\penguins.jpg | 759.64 KB |
MD5:
2f366013ebc4777674e702af66aaba95
SHA1: 1c63d510e0d9867d7b515bfe5ef84b7c573bee2e SHA256: 56fccb8e5b281b33ff2592b957a78afdd7472c64caa408886d5d4cac7a7bb887 |
|
|
| c:\users\public\pictures\sample pictures\tulips.jpg | 606.34 KB |
MD5:
451dfb84c81a3f0f51406edfb07183ca
SHA1: 976a617e90cfbfcaf3798fb9c6dee55977e1328b SHA256: 708b9a152acdd4cf85ef5f2a73febf563799f536d09d37c030d7b2dcd7aec43f |
|
|
| c:\users\public\pictures\sample pictures\tulips.jpg | 606.37 KB |
MD5:
bd08c86e9c63ff75a30f8be6ab2c5e0c
SHA1: fc55b7871c12477e20d0af8a222a4a704bc42d69 SHA256: e9c6642f6463ff25dd625f30ae3861794aab8b1a8d4ab969fe9fff4f3d52841d |
|
|
Host Behavior
COM (5)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WbemDefaultPathParser | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | WBEMLocator | IClassFactory | cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\CRH2YWU7\root\SecurityCenter2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = SELECT * FROM AntiVirusProduct |
|
1 |
File (1377)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\PDJBI.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\PDJBI.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\PDJBI.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\PDJBI.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\jFZGa.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\EEBsYm5\Documents\jFZGa.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\jFZGa.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\jFZGa.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\NEhnOz.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\EEBsYm5\Documents\NEhnOz.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\NEhnOz.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\NEhnOz.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\Z1ffD.docx | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\EEBsYm5\Documents\Z1ffD.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\Z1ffD.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\Z1ffD.docx | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | desired_access = GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | desired_access = GENERIC_WRITE, file_attributes = FILE_FLAG_OPEN_NO_RECALL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Get Info | C:\$RECYCLE.BIN | type = file_attributes |
|
1 | |
| Get Info | C:\BOOT | type = file_attributes |
|
1 | |
| Get Info | C:\DOCUMENTS AND SETTINGS | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCACHE | type = file_attributes |
|
1 | |
| Get Info | C:\PERFLOGS | type = file_attributes |
|
1 | |
| Get Info | C:\PROGRAM FILES | type = file_attributes |
|
1 | |
| Get Info | C:\PROGRAMDATA | type = file_attributes |
|
1 | |
| Get Info | C:\RECOVERY | type = file_attributes |
|
1 | |
| Get Info | C:\SYSTEM VOLUME INFORMATION | type = file_attributes |
|
1 | |
| Get Info | C:\USERS | type = file_attributes |
|
1 | |
| Get Info | C:\WINDOWS | type = file_attributes |
|
1 | |
| Get Info | C:\ | type = file_attributes |
|
1 | |
| Get Info | C:\$Recycle.Bin | type = file_attributes |
|
2 | |
| Get Info | C:\Boot | type = file_attributes |
|
2 | |
| Get Info | C:\MSOCache | type = file_attributes |
|
2 | |
| Get Info | C:\PerfLogs | type = file_attributes |
|
2 | |
| Get Info | C:\Recovery | type = file_attributes |
|
2 | |
| Get Info | C:\Users | type = file_attributes |
|
2 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Temp | type = file_attributes |
|
6 | |
| Get Info | C:\Users\EEBsYm5\AppData\Roaming | type = file_attributes |
|
6 | |
| Get Info | C:\Users\EEBsYm5\Desktop | type = file_attributes |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\PDJBI.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\PDJBI.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\PDJBI.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6 | type = file_attributes |
|
4 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO | type = file_attributes |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4 | type = file_attributes |
|
2 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\LocalLow\Sun\Java\Deployment\security | type = file_attributes |
|
1 | |
| Get Info | C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\css | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RI4PT91L | type = file_attributes |
|
62 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Crashpad\reports | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents | type = file_attributes |
|
14 | |
| Get Info | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | type = file_type |
|
10 | |
| Get Info | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\jFZGa.docx | type = file_type |
|
10 | |
| Get Info | C:\Users\EEBsYm5\Documents\jFZGa.docx | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Documents\jFZGa.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | type = file_type |
|
10 | |
| Get Info | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\NEhnOz.docx | type = file_type |
|
10 | |
| Get Info | C:\Users\EEBsYm5\Documents\NEhnOz.docx | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Documents\NEhnOz.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | type = file_type |
|
10 | |
| Get Info | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\Z1ffD.docx | type = file_type |
|
10 | |
| Get Info | C:\Users\EEBsYm5\Documents\Z1ffD.docx | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Documents\Z1ffD.docx | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\jFZGa.docx | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\NEhnOz.docx | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Documents\Z1ffD.docx | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ | type = file_attributes |
|
5 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\PuTxL4yb | type = file_attributes |
|
2 | |
| Get Info | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | type = file_attributes |
|
1 | |
| Get Info | C:\Users\All Users\Microsoft\Windows NT\MSScan | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Default\AppData\Local\Microsoft\Windows Mail\Stationery | type = file_attributes |
|
10 | |
| Get Info | C:\Users\Default\AppData\Roaming\Microsoft\Windows\Themes | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2BY1Z7W3 | type = file_attributes |
|
62 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BIEAO6H1 | type = file_attributes |
|
58 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUV5392 | type = file_attributes |
|
58 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Microsoft\Windows Mail\Stationery | type = file_attributes |
|
10 | |
| Get Info | C:\Users\EEBsYm5\AppData\Roaming\Microsoft\Windows\Themes | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures | type = file_attributes |
|
7 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | type = file_type |
|
8 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | type = size, size_out = 0 |
|
3 | |
| Get Info | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0 | type = file_attributes |
|
3 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0 | type = file_attributes |
|
2 | |
| Get Info | C:\Users\EEBsYm5\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QN4DSE0E | type = file_attributes |
|
1 | |
| Get Info | C:\Users\EEBsYm5\AppData\Roaming\Adobe\Acrobat\10.0\JavaScripts | type = file_attributes |
|
2 | |
| Get Info | C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default | type = file_attributes |
|
2 | |
| Read | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | size = 47360, size_out = 47360 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\PDJBI.avi | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\PDJBI.avi | size = 99456, size_out = 99456 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | size = 64128, size_out = 64128 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | size = 62720, size_out = 62720 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | size = 100608, size_out = 100608 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | size = 87680, size_out = 87680 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | size = 4608, size_out = 4608 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | size = 51584, size_out = 51584 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | size = 97408, size_out = 97408 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\jFZGa.docx | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\jFZGa.docx | size = 13696, size_out = 13696 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | size = 44928, size_out = 44928 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\NEhnOz.docx | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\NEhnOz.docx | size = 81024, size_out = 81024 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | size = 83200, size_out = 83200 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\Z1ffD.docx | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\Z1ffD.docx | size = 40960, size_out = 40960 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | size = 49152, size_out = 49152 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | size = 90624, size_out = 90624 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | size = 82816, size_out = 82816 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | size = 88704, size_out = 88704 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | size = 90240, size_out = 90240 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | size = 37760, size_out = 37760 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | size = 25856, size_out = 25856 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | size = 98944, size_out = 98944 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | size = 54144, size_out = 54144 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | size = 21888, size_out = 21888 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | size = 89344, size_out = 89344 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | size = 96512, size_out = 96512 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | size = 20352, size_out = 20352 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | size = 88832, size_out = 88832 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | size = 9344, size_out = 9344 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | size = 51584, size_out = 51584 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | size = 6144, size_out = 6144 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | size = 4096, size_out = 4007 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | size = 25984, size_out = 25984 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | size = 68992, size_out = 68992 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | size = 76928, size_out = 76928 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | size = 95360, size_out = 95360 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 845824, size_out = 845824 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 595200, size_out = 595200 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 775680, size_out = 775680 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 780800, size_out = 780800 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 561152, size_out = 561152 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 777728, size_out = 777728 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 4096, size_out = 36 |
|
1 | |
| Read | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 620800, size_out = 620800 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | size = 47360 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\kkoSGH02h8nAZ5ijV6.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\PDJBI.avi | size = 99456 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\PDJBI.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | size = 64128 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\qglz_e5 ezJdYeN6jycj.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | size = 62720 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\r6Z9tuN.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | size = 65664 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\GeMBbw0Qq91qPUvYj4q.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | size = 74752 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\PzwzLHr75PE32famb-Ao.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | size = 100608 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\1nwExbWQS.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | size = 87680 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\5Fc-F1.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | size = 82432 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\2S2W7P9bWyU2re0s.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | size = 35072 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4AjQQWj0Ey-EqcZCPmsX.avi | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | size = 4608 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\5v08NJeJLTUpj3Nb2.doc | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | size = 51584 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\53lljaAW9oScw.docx | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | size = 97408 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\8IvD 2VswS1iM_TyM.doc | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\jFZGa.docx | size = 13696 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\jFZGa.docx | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | size = 44928 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\K4gRJXdU4NO58n cq.docx | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\NEhnOz.docx | size = 81024 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\NEhnOz.docx | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | size = 83200 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\UMpvHUqR_.docx | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\Z1ffD.docx | size = 40960 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\Z1ffD.docx | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | size = 49152 |
|
1 | |
| Write | C:\Users\EEBsYm5\Documents\_YaFFgXctgsM.doc | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | size = 90624 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\4BwpPoQsbNBOW.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | size = 82816 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\BrO8fI.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | size = 88704 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\3T M9PFn1DzwFK Db.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | size = 90240 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\lPh_hXcFwyNZuJLm3H.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | size = 37760 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\PuTxL4yb\tf0d.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | size = 25856 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\PuTxL4yb\vLUNV1qAa.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | size = 78208 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\sddAo.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | size = 46720 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\4tgLWUEU6\yuGv2kkmkuL4t.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | size = 98944 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\pHIJN6HKKB76WI.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | size = 65408 |
|
1 | |
| Write | C:\Users\EEBsYm5\Videos\WzAu4JRaaVflDPkh4\UiHkjcWgW2GwJ_uRK\Pg7PrLI uB-3E-IQ_WfO\YhLRO.flv | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | size = 54144 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\cAExrC5EFM0NoC.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | size = 21888 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\OUmIKIFzQEbsLZg7.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | size = 89344 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\N0Vknexok_pgfFQ7dMQ\UBej8meBI.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | size = 96512 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\V9es5BAdzyydT9zd.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | size = 20352 |
|
1 | |
| Write | C:\Users\EEBsYm5\Desktop\Yel-z1ObctZkU.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | size = 88832 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\-XomdlRVp.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | size = 9344 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\0_el-H_jIpQaEYFgBf-H.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | size = 51584 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\7hga9Vw.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | size = 6144 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\bkJQ.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | size = 3968 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\Q5_cIPvsy.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | size = 25984 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\K7NJquvxO4Ehj\yU-DIDN36VX-DMmKA.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | size = 68992 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\F_gzCnlDm.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | size = 76928 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\SrJGZsoDTp4sUa.jpg | size = 36 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | size = 95360 |
|
1 | |
| Write | C:\Users\EEBsYm5\Pictures\wH8oj.jpg | size = 36 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | size = 879360 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg | size = 36 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 845824 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Desert.jpg | size = 36 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 595200 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg | size = 36 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 775680 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg | size = 36 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 780800 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Koala.jpg | size = 36 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 561152 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg | size = 36 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 777728 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg | size = 36 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 620800 |
|
1 | |
| Write | C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg | size = 36 |
|
1 |
Registry (42)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = FirstEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = LastEntry, data = 2021, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2009, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2010, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2011, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2012, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2013, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2014, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2015, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2016, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2017, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2018, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2019, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2020, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time\Dynamic DST | value_name = 2021, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time | value_name = MUI_Display, data = @tzres.dll,-50, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time | value_name = MUI_Std, data = @tzres.dll,-52, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Greenland Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-51, type = REG_SZ |
|
1 |
Module (53)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\Microsoft.NET\Framework\v4.0.30319\\wminet_utils.dll | base_address = 0x73130000 |
|
1 | |
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0x9e0001 |
|
3 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = ResetSecurity, address_out = 0x731324de |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = SetSecurity, address_out = 0x73132520 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = BlessIWbemServices, address_out = 0x73131c69 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = BlessIWbemServicesObject, address_out = 0x73131cbb |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetPropertyHandle, address_out = 0x731321b4 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = WritePropertyValue, address_out = 0x73132617 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = Clone, address_out = 0x73131d0d |
|
2 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = VerifyClientKey, address_out = 0x731325b4 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetQualifierSet, address_out = 0x73132215 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = Get, address_out = 0x731320d4 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = Put, address_out = 0x731322be |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = Delete, address_out = 0x73131f31 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetNames, address_out = 0x73132182 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = BeginEnumeration, address_out = 0x73131c43 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = Next, address_out = 0x73132283 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = EndEnumeration, address_out = 0x73131fc2 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetPropertyQualifierSet, address_out = 0x731321ff |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetObjectText, address_out = 0x7313219e |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = SpawnDerivedClass, address_out = 0x73132566 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = SpawnInstance, address_out = 0x7313257c |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = CompareTo, address_out = 0x73131d8d |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetPropertyOrigin, address_out = 0x731321e9 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = InheritsFrom, address_out = 0x73132228 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetMethod, address_out = 0x7313213a |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = PutMethod, address_out = 0x731323da |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = DeleteMethod, address_out = 0x73131f44 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = BeginMethodEnumeration, address_out = 0x73131c56 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = NextMethod, address_out = 0x731322a2 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = EndMethodEnumeration, address_out = 0x73131fd2 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetMethodQualifierSet, address_out = 0x7313216c |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetMethodOrigin, address_out = 0x73132156 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = QualifierSet_Get, address_out = 0x7313242c |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = QualifierSet_Put, address_out = 0x7313247a |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = QualifierSet_Delete, address_out = 0x73132409 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = QualifierSet_GetNames, address_out = 0x73132448 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = QualifierSet_BeginEnumeration, address_out = 0x731323f6 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = QualifierSet_Next, address_out = 0x7313245e |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = QualifierSet_EndEnumeration, address_out = 0x7313241c |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetCurrentApartmentType, address_out = 0x73132215 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = GetDemultiplexedStub, address_out = 0x731320f3 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = CreateInstanceEnumWmi, address_out = 0x73131ebb |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = CreateClassEnumWmi, address_out = 0x73131e45 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = ExecQueryWmi, address_out = 0x7313205b |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = ExecNotificationQueryWmi, address_out = 0x73131fe2 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = PutInstanceWmi, address_out = 0x7313235a |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = PutClassWmi, address_out = 0x731322da |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = CloneEnumWbemClassObject, address_out = 0x73131d20 |
|
1 | |
| Get Address | c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll | function = ConnectServerWmi, address_out = 0x73131da3 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
System (690)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = CRH2YWU7 |
|
2 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
552 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
3 | |
| Sleep | duration = 0 milliseconds (0.000 seconds) |
|
125 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
6 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
2 |
Environment (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = COR_ENABLE_PROFILING |
|
3 |
