reaItek.exe
Windows Exe (x86-32)
Created at 2019-06-03T19:04:00
Monitored Processes
Behavior Information - Sequential View
Process #1: reaitek.exe
15601
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\reaitek.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\reaItek.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:16, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:07, Reason: Self Terminated |
| Monitor Duration | 00:00:50 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x408 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
48C
0x
9E8
0x
DFC
0x
AC8
0x
260
0x
B0C
0x
F70
0x
39C
0x
D30
0x
7BC
0x
CC8
0x
CE0
0x
F3C
0x
F34
0x
CD8
0x
D78
0x
F50
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| reaitek.exe | 0x00400000 | 0x00418FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\reaItek.exe | 92.50 KB |
MD5:
192fed92c8fe3eddc5734e18cdc1b097
SHA1: ee24d152c7270cc4fd45fd88dea2b8fdc9fe39d6 SHA256: 2e0490c69212fb4ad20cd342bc8d257450f7602930700dc582196032d572f34d SSDeep: 1536:mBwl+KXpsqN5vlwWYyhY9S4Afn/VfqritEYSBIhxDeMc8IR9:Qw+asqN5aW/hLp/VCri7DdIR |
|
|
| C:\588bce7c90097ed212\1028\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 14.09 KB |
MD5:
06e36fb1e320d7a2f9a9f93e3c6c9d4f
SHA1: 225020aed0b15fbfc88ff99c6193fdca80e3ef54 SHA256: d84c065bccd6fc8f5855fef0aec62a3426bc1d797623413d63fe70ac1bb3d444 SSDeep: 384:iU45oBJoN+ik50AOirZTR4o0zyrYmsIU9u4rHHH7C:iN58afkVrTR4EcbIouSe |
|
|
| C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 17.09 KB |
MD5:
fb0044dd1b7680967d0616fa525ba1e2
SHA1: 22c047d98e9c9f8dd8c4f1647d5e4e8b6c852e54 SHA256: 7ddbb5e4a44e233aba733504add08b0f72b36e9daf24a6efd3b4f6b60dfefd42 SSDeep: 384:/lVQV+t6osjGnXVXRJjf8uXJRJyCsAoS4HuiqthzTRyYl96C:/XQ9os0XVXXwMTJXYHTITD |
|
|
| C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 19.09 KB |
MD5:
9cdb4594bb2614e289e60be1ded891f2
SHA1: c667b8e3db320134df14190e99537a5340c1c372 SHA256: cf96ab70430e0b591d4ec7172ac319dbbdaf1639ac35ffccbfa2ffcb10d85800 SSDeep: 384:v6OHicDvz3UKDtFsnsnQRGtr0RwwegBewBZdzGWMh05hISCb9rwC:5CQzk2tensnxrmedwBGWa6h3gd |
|
|
| C:\588bce7c90097ed212\1044\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 17.59 KB |
MD5:
30d9f38a97e22fd0ebb6e30a976755a8
SHA1: 1947c5d53f7f3698a57309c5be71edcf61842a75 SHA256: 908444e844ccbca775ec9219be612c8cbe4202eaadef708837bbc23ff76cede7 SSDeep: 384:MYlOjNrTlaNxzjrctaiLpLiXq6dtnUhC28fSMDLYSOkZEhafH0mvGus1C:M0EJy3Oifd9mefSGgkGeUVa |
|
|
| C:\588bce7c90097ed212\1049\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.09 KB |
MD5:
c887d0d0c932b4447735c5abab102cc9
SHA1: 2517337429f1da1380bd3070bd3a51dd58aff19b SHA256: 425a903055db725f1be0b8ab651b0a92d51ae54671e0073101ac50ce5fae8245 SSDeep: 384:mEHJcFdKtzzlXPU5ttCzrQmQBVnvTsnxyC:mIJ+dwMtA43vYnJ |
|
|
| C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.09 KB |
MD5:
d106838bd055bdc5f0be05fbf7b72818
SHA1: d5af16777c265bdfabff09efda20e7df930df812 SHA256: 48f00310b578530fb2254caeb976fee52196c6d2c91a8bb707db3555459aa64d SSDeep: 384:Tew2vt3iy+f//+xvXkjHPBLttIR7WIotxbOdnXoyvRwt/s1UeC7MoC:Cwy+f/Ucj5RtgSx1iQ/uUeCE |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.10 KB |
MD5:
92f866dafcbf63753148e3ff150038da
SHA1: ae70223045586d49b73d44b261fa5518075265ab SHA256: 53668dcde3429f0effb352cb61ec8004d880fef6c305b8e35ed6847f4ab249ee SSDeep: 24:iqJTO0aC/JiQtpnJvTcAJ1YafJwZSXv5ocuImXvYpP3kSCLHny:iqJTO0L/JLpnJvY4nhwZcLuImXvYV3ko |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.36 KB |
MD5:
504b5b58cfed308c320332fa8ba54c5d
SHA1: 463726354bb8314a6bc220bcfde251b50becbc97 SHA256: 5c835a4fdb3811ab12772758c79c0cf3777b93348109f5b1999abeaf076a2b38 SSDeep: 24:aTji8xtH0wx5m0uYIOEbz71RsYuGFa8PA8/n9gKhxPLDSCLHnk:aTjiKxQ0uYMz7bss4oASgKhxPLD5I |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 78.37 KB |
MD5:
0ea4005888466f4f794b1d8c6c9bdb40
SHA1: a70caabf976d40eceb2886ab210bfb325e421e94 SHA256: e1eb14dfb9341ee66a5343f2a7efca23d197494432a5a91df11448ab796ed4b5 SSDeep: 1536:s/zuQdRSlX5xZZbuySsvQOc7s/pxGh7rF5zxwTPeMfePNJpraCtB7e6WfxJrMi:s/zuQy/PwP5xZxw3e1DTtBK6W5JrMi |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.22 KB |
MD5:
94eb35cc22dcf52287e9708450cb4507
SHA1: 525e6051e55af86c022e63208d54c4194b29d441 SHA256: 19cfcd1fd98154fe4954be31bbc15fd37b27edac93a43b4158d7afa2bdff50ef SSDeep: 96:LBO7zRQUuAgKghZTkh3kLfrijiMMHbXAch/EuQ:U7zKUuPp23kfeiMIXAW/vQ |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC | 38.37 KB |
MD5:
c69563d40033f2fc578dc8e98fa29c94
SHA1: a0e51be7b75d66ca1959381d4436632e4bd6bd35 SHA256: a52ca356179e6e1d576436d8515703db4e88d8c126fc3b1a91f8359ae8ec90b2 SSDeep: 768:xvnkFDRrsNsmRVBM7Rv/4nyooRtJXkxzwsDTtlSKCDt6nxUWq324zb:xsPQDmv/4njoTpkKEgKMGG324zb |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp.id-B4197730.[basecrypt@aol.com].BSC | 40.36 KB |
MD5:
76e2998b1358e303c5af189051e7d27a
SHA1: 5bcabcf9a12bc813ce65da35f59c8dc97006e579 SHA256: d51e4d96ac16b6042a4763db8b7bc11181e60d183c0f17b85c2650d4696695c0 SSDeep: 768:+SgoOmVRN7T2i9PyKozhKHoF4zrp0Oa0lkwhJZMfO6N9fEsUKkoLFh1HF:fVOmbRPyXMoWzrllkwreYGk6FB |
|
|
| C:\588bce7c90097ed212\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC | 38.23 KB |
MD5:
f7926021db51eaabc89fc4bffebb3c62
SHA1: 6372bdb58d88c005da2d7a606df9c1a489bb2163 SHA256: bd0f6981f64de1aa4df0de20b72eb9e69b52310b9e7dac2b590448dc8832b295 SSDeep: 768:vjBj0EUlZax0kDREjjfSjsuB/Ehwm6jgeGsSLl907THeOXHVX:LBj0E+aOY2jduVEhwmKKx90/3FX |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi.id-B4197730.[basecrypt@aol.com].BSC | 852.27 KB |
MD5:
7f37b4bc594d5ed50f4e7e91ba03f7a9
SHA1: 3ae791547837e8f61de8bebb890ff1940f0b4bcd SHA256: 165814714e3ac2ed82ba7c8f5ebad77e42bd0bf097302e9f6ca7581890f83f01 SSDeep: 12288:uZR2NcVQ7Q6qQ3MJbQXzSPF+JiR0CAHvs2vxdiSyJU/LUCm+FCQQUou8T+:uTAqQ7Q6qQ34b1PwzHNvVyZCLEQQU9Y+ |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC | 4.93 KB |
MD5:
bcbea04bdbd9fe6e4a77b064ba862bb1
SHA1: eed9bcd081ced4a65fbd1978ef906b11e7a08437 SHA256: e08096faf19a9e0e99b73653ed25ad7286e181f93eb1dd15da96d1f8f8895aad SSDeep: 96:a7Ar3ZyNatsffYxa+SnnmBSl2RWVA0SV2C0tp3EFMXl/zHAGapq1FLH:agAatafY+nnpSWxGNupUFwr/C+lH |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC | 4.62 KB |
MD5:
31ac0771439a2926b1b0c3123f9611c2
SHA1: c19e19906cf79d2e1cfa821ae1d221b618985c3f SHA256: 6c5fc89b4cc33a5a3f4f3c5cd12c4c350bebca1cca8d1330c7a82e040df9d491 SSDeep: 96:NZ8iP510feVuOh/Sx4jQkxsYpKQX1XL1jXK/jSK:XtEtOhSkxswHXRpXK/jSK |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi.id-B4197730.[basecrypt@aol.com].BSC | 484.27 KB |
MD5:
ef671a31fe65b9cd382272157e4305c9
SHA1: a3f64996ef17c34d2389630e24d8d09468a211de SHA256: f1e627605a00d86d792d57a026ec88285b73e40d4af6cf9484b9916d81dd2282 SSDeep: 12288:rkXuoXlSvYPP6ogt/TsnT9CeU1RgCao+VLDYis:QXXlS0io0YnToeU0uSDfs |
|
|
| C:\588bce7c90097ed212\sqmapi.dll.id-B4197730.[basecrypt@aol.com].BSC | 141.27 KB |
MD5:
afcccd23b9f8f422a75c05420dee1e82
SHA1: c52217ac2b60556df3227251f24cb95eb164758b SHA256: 4f6f4fb37f191adbdbfcd59f35d585e01f87264547fb5e686f85ee5853394182 SSDeep: 3072:vy6Uh33zpUu9aupsNAnZzZH9floG48kJhniborMvuE:SfH8OZJAG4dJNcuE |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC | 2.84 MB |
MD5:
117310a69e7358a2267ccb30995a1693
SHA1: 815e32b41cf601be3d875274036dd3efacb5298b SHA256: ce6a1e0cc49438d965c1e0ebb58b9bb8d0d455cb6d143076c45efaa641a82f9a SSDeep: 49152:WV4YaGoDumT1r7AdXZy9KU2KUYxs35DKZ3OIK8XfJc873efTqiEwo:WV4Yab1PAdXZzKUYxs3pKZnK8BcL7qjH |
|
|
| C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id-B4197730.[basecrypt@aol.com].BSC | 320 bytes |
MD5:
b9280e112da25e34654d85d343857828
SHA1: b51f4f9d02423664e9225b019a349cfefc7a1f7f SHA256: 6f8017a6cafe7264a014f94c96652248f3d73cc71b7e71bdecbc661abfd18f00 SSDeep: 6:QFNO2us1el1DmRH8lD7gjk5D0CaPYwxcO8XTywr+j1lGTwJa5h:QF3TU1UH8lIjkaVPXqXTpq3GTt |
|
|
| C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[basecrypt@aol.com].BSC | 41.97 KB |
MD5:
64bd29f01ee420b53e836d4d17d46ecb
SHA1: 47d63ed054fdf0b2aa259f7ac4b52a87a4a8710e SHA256: ef71611e280bb6683908508d26fc25b472fbd5be6cce9854ec6993fc8b22df2b SSDeep: 768:2D7zR8nHaZOss+EOmFC0YIX2kt2hFqLtWXM8+2MLjIW5iSeKlm3bURIeDuCjC:2nt8nHav0YTktMFiWXM2MLjIW5iSeKlq |
|
|
| C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[basecrypt@aol.com].BSC | 6.14 KB |
MD5:
2b30a79ad3f3a9731ac77ca48f218643
SHA1: 21c9afcf33125ea3dfc8d4fa06a27bf47c939480 SHA256: cde5b4fe9bed5ac4b22e5f2a995b8c651a7ad94915272fb5b86f60a8fa457ddf SSDeep: 192:fwXTLELrcDJUkp9KJwd1lbGv7t0jTtT1LtDL:foT2rgUAgIbbGQZ1Zf |
|
|
| C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC | 378 bytes |
MD5:
76da52a1fc23a0c68b4a924ab92b9e8e
SHA1: 1fc0db7eb3932a57f83a8a760d68e43728a09dd6 SHA256: 8cf3bfb249c64f418635abdd1f5d60576f8e3c2c0c02fe6fd1d0c23085579392 SSDeep: 6:565K99VH03VO9gkx6Is0ax9bVQ+c6WC25DykHeGmhcO8XTywr+j1lGTwJa5X:565e9l0VVkv2x9WE0tHecXTpq3GTL |
|
|
| C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC | 378 bytes |
MD5:
12f143f53513b8549570d9061f672ada
SHA1: a46bf5822c411b45d67033d1f9f28b744f088a76 SHA256: 0761d5e90faeddc5ae235b263ae4c465b2592f115558f6b3ffb4a69d1257bd72 SSDeep: 6:/NQn/1Gf1vfRlegGizb6WC25DGZihcO8XTywr+j1lGTwJa5X:m/IflfR+izG0AZi6XTpq3GTL |
|
|
| C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC | 566 bytes |
MD5:
ad268fbef3fa9728e5e4487cd1b11df6
SHA1: 457f2649ee61864d37570cbeb7aee5ebf3bd3de5 SHA256: 10d725253a0d393e18fda8922bd04ddd4c9518c58178ec752781df5d0e197132 SSDeep: 12:wyIE9Z7PPWoKoRx5moCTj4RLUViFH8lBkGIah0CLHnjvYHn:vWozVmtSUViFH8lDHSCLHnOn |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 6.39 KB |
MD5:
53db4397b35eca41126f4f9c449b4bb7
SHA1: 723311415b4af084ade0ba21cb661896f0693bf8 SHA256: b3be6b9735e9eb00378f4cfd1c48394d8e2df082addbacba1de994f227359fd8 SSDeep: 192:vJ1PbhY1d33C3a0Z8LP0WdxFZUfZPGZ00p:Btbh/9+LP0WYflU0A |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 7.61 KB |
MD5:
b844868b0a50bb6ce5e8190a0b67442e
SHA1: 5f0fa88346729d6f05264fc841dbcbe47b7ab1b6 SHA256: 2e2350290372e4e61e4b72b8b9c4e5b17af952c38ce81de399865d48cd202610 SSDeep: 192:fajZ/CvManngwqYuUQwyOu/0rK/VqgNnQWwrcuOCljgg8/B:y1CvMagwQwyP0W/ftwrcXCT8/B |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 72.72 KB |
MD5:
c082111e3bc4cc209c900da8c1b0c846
SHA1: 95ec7df04eea7b5266ff31c2cb8688e8ede28569 SHA256: 0add56c5893a22b050d6d3201efbd9a2e4ec11a1ac17fb6cde78606b40dc435a SSDeep: 1536:29/TVY4LSbCAcwstpqfhzUehF96cikosq:G/hRrAcwscUWpiBv |
|
|
| C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id-B4197730.[basecrypt@aol.com].BSC | 140.95 KB |
MD5:
6d881ef79d813ee762556c712b85cb29
SHA1: defeef10b5d2c946384442eff5fe8aa4226c87eb SHA256: 1dae68ddfe87d5979e9234749a28c324076f867f9e2d725419c1222e6dad55a3 SSDeep: 3072:TYKoGnysrc3v7U/ie7DkmnE8qQsFO8gRHaJMoDYEhEd8dgF2BIw:TYKoGnzrkYiesmnoQsQrRXOYPF2iw |
|
|
| C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id-B4197730.[basecrypt@aol.com].BSC | 416 bytes |
MD5:
161581d46dab08d16b961d929356cc3b
SHA1: d7f76188d39f64e7206f81b41dd25805a21172b4 SHA256: aa8735a9ca7125f255a94ae3da764842f1e3d797df6b6238ed6649ead7f87573 SSDeep: 12:7BKtAGPPU5qShGUwmjI/laqabXTpq3GTd:liAGPc0ShImE/laqV2B |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.86 KB |
MD5:
7d8fd5e0d9058a5fe3a814ec8398a1a5
SHA1: 3321868929f46443f046ae2db35fe4e8b55d3f8c SHA256: 871e5962c097b0e813313094433fc1f2c8fc95c2be9066d0e18d96a50d016b0a SSDeep: 96:LpxA80onIJLw3GFS4hYabAR3EiHurYSALo1dKFQmEp1YTm:L50onIEcypewL8wqOm |
|
|
| C:\$GetCurrent\SafeOS\preoobe.cmd.id-B4197730.[basecrypt@aol.com].BSC | 314 bytes |
MD5:
586f517e9585cf8d8d1f5e8ad3bfd12a
SHA1: 03962a460355a81f31e4b5fe936448d05dccd587 SHA256: 36cc88e2f046fc863b1717b25aa4779967cf3ec91ebe4040c25d8c555cf2fc9b SSDeep: 6:CfEdqZDf1c7L1QlSan/c5D2yNUdqarQ95h0CLJ1ngk2mvYj:CfEd2uPdankXNJaah0CLHnjvYj |
|
|
| C:\588bce7c90097ed212\1029\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.09 KB |
MD5:
95c18d352a1d0878f8c295c2581cb14d
SHA1: ed9c2f2061468fac44ec3fee4dcb6efa174298e2 SHA256: 22ad0ef41b64410ced3aa03a17c0c53b7fa7f80635ad7b9d8fadb8ef267889ca SSDeep: 384:qHsSn33RqvwWZXA1291tqRwJFWITJ/yFxZBHRgC:qHs+nEpAq1ARwXWIRyLDf |
|
|
| C:\588bce7c90097ed212\1025\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 17.09 KB |
MD5:
ed5780cc36a5ef7fe2f4f82c364abd19
SHA1: d155c774f71e317da6b027f38229075e67cce0ef SHA256: 400365e886b99194a0c29113bb8bbf0f221f99142e1e75f9d4b77fa6cda01782 SSDeep: 384:eYT54ZXhYQ8P9rDJ6nPavvhkTQyGy/hvBns7y/JAnC:eY2oQg9/J6nivvhHy/l1s+F |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 76.18 KB |
MD5:
fb00e9ca29597bec04ee03421b833251
SHA1: 6c02a14e917e3c4b30cd610444c25f86b04fb6d0 SHA256: 6f525c5e16afcac946b4e8a890e8bd70568d2bd5bf98529f6568f77adff39abe SSDeep: 1536:Qwtc4e9q9h6m+NWA7Y3tLo9Lqoccu6W9ibdlzr/kcB3v:Qwi4F3V+NWA7ASjTTzrccB/ |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.47 KB |
MD5:
da5acabe84b9a315e6173662af7ebbf0
SHA1: 835dfd9e715bdbd0b4a681cc8591072437344c55 SHA256: 554a0d856cf420fddfef84b73b63d85a277ab6b95822f796d5ca7caa2995ffe3 SSDeep: 96:FwNMI808CZQ/zjjDk7ODvJXIReOZoYMO54B2MENud6:Fd1/zXJYRmY98TEN66 |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 79.32 KB |
MD5:
f4323da39a93e6ccd64a00aebe73b61f
SHA1: 1065c8b9ff913f632256ab170e2d9204e5a95145 SHA256: c0fe8dd28fa352f9176de7ab61acdc3ef7a3166b09ec9d7ffb280f9ae8426639 SSDeep: 1536:HbEMbUvZXCP1XZycRyDGYMXmJtnjFs1aAfdgcbecjQeD:7eW+GUGqNof/bewrD |
|
|
| C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC | 852 bytes |
MD5:
8f8e421eb0f23b7a6e8289aec0245f7b
SHA1: 1e62aa76f9af8f1f7f66cdd0c4b12ec008350e1c SHA256: 5426b41151de0d5bb1e32e1b229c65083df48328ccc4a0a7db9dc16d7f065ce3 SSDeep: 24:4zI54FkQkISUxPRkGlIc8OE9qNYGEXwGPojYL+mZf5oceH8l4ZgLSCLHnU:bEkQPWNONYGEsjYL+mhiP8lkgL5Y |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 59.65 KB |
MD5:
6f50f2398513d18b5ad02eae271d1b8d
SHA1: 74e6e8428f0990a88af6ff8172defc533e3d71b5 SHA256: cdac1920b3d5499de482239cf1a3718004bbf6d51e408030623d0fdfa52c3c56 SSDeep: 1536:2z9q/35TGznY7s6lje7i+O/844ttPOYhOWM:2x+51oyje7OUDttPOaDM |
|
|
| C:\588bce7c90097ed212\1032\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 19.09 KB |
MD5:
87ffa6f4223b77b72882553123ffb40e
SHA1: d09ca582f2862c1b29c5f865ab1fe9c1fca8b36c SHA256: 5a649753ba28d6f90765ee192fa63a12a0763feb886dd0bf5ad965aaa1fb5233 SSDeep: 384:f/xmX0NX5lsAbLnCEUdHV47ogNtuOfCwrP2Ahpm7WnHnqLFJt0ngSXveP3pHoC:hmkzS2LnKV4vuoCQP2gmyoFQgSGpZ |
|
|
| C:\588bce7c90097ed212\1030\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.09 KB |
MD5:
fddcc0e7eb05b651e05d3258022e1908
SHA1: 55b1c1e4d2119c03cb1acb8bbd3bec1a8c0c10b5 SHA256: 21edd7795dea30e38269e7cceb8936d990487a6a4660b290a3a61ea2589d7f31 SSDeep: 384:w1U8lF2UA/nSQWJ51BkD1ARbbUQlNxirbh6B1occILRuUoQ/eNwZC:GxtQgcD1QO6D9LR2Q/k |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 8.89 KB |
MD5:
a51dc10c503d557e7f4fafc5c541d9df
SHA1: a2a7bd9177d96478adc4594dc56ac585655c2ba5 SHA256: 9af470356167363d9f49e1512727a210592b8703eb0f4b5fd85331155b829700 SSDeep: 192:g6AkIZENMalRNjMFIL3Smx1IufeHS6DUkIrSt/4Jw0UdPgGYgNMQ26B/s4VEW2:lzGa/NKILi2yxD4Wl4JZmPgGbWTOVEW2 |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.35 KB |
MD5:
749fdd5af459f80aa00697b873305020
SHA1: 6d642a2a72e11a149ad44225cc710213c3969b8d SHA256: 96e48bee0e6d3b13dec09924cd6c05fff98c4d5704f42a9b809881679a5ac7fc SSDeep: 96:0XiiOCjbLpWyQdA9XzCINNADLHZM1xDdQAw:0XiMjbxQdA5+IE/ZM1xrw |
|
|
| C:\588bce7c90097ed212\1031\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.59 KB |
MD5:
827f10abae91bfc0602eecf9cc6852b9
SHA1: c18720437e986e8cb6be3aa285cf2a1b7e91225a SHA256: b96d73423ec9cc9f2505024595ac1deda1659c55cb93fb5820c6f627cacfc761 SSDeep: 384:jGG0JQ9jS9SPTn0X5Lc7Ex3zXfnlipMJCdafjsNAbf8+o8+A9miBvWMGH3qNvLaT:yG0J+u9SPT0Xnl66fjhDoFAhMHWLO8lA |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.57 KB |
MD5:
5529d0f81299a4a587ec60d12b5f909b
SHA1: 4c2f8390306ac584479f00627341a4e998b44753 SHA256: b50aba0b3753e3c3b45f5f0f4ff26b58fe1cd6def669cb1fd6a1d627601a2fbe SSDeep: 96:YiyMol3aaTiJO3CkMhsQR7StOv43K83LjFkZtmBUC:Yiy5Ti2XChvvyL+ny/ |
|
|
| C:\588bce7c90097ed212\1035\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.09 KB |
MD5:
d740c2d5aefc86e6b1897fb43b4c0f26
SHA1: 680def9509dabbc5f50e3e702e1599b523295e7e SHA256: 35aad34418ea62f66dc3e67c54a880c137afdd7f664ef173e5efbe65347683b1 SSDeep: 384:QccbPKIeTBepL6sKrYnF+cgYzFY6MRaDByIFj5NLeL3mkNTpdat4aC:QlUBepu5roscnY62KNS3PN1dag |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.85 KB |
MD5:
eda9344c0b145a4d4314aa0f9d699a94
SHA1: aeab4ee2c4026385a3baba6d3e01e366a1dc5c76 SHA256: ffa14567066efa1f71f2d7647720f351995041d5d6eed229a166e9de8123867d SSDeep: 96:NhDbaRSgA+6i0w+LocRfu56sosksH4w2vqlvfBcxy:LP6qwKRm8ssbGOM |
|
|
| C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.59 KB |
MD5:
acd67b4f0a69877a523ce68ec7c155b0
SHA1: 1e5b4bc413f128f30600207e1bf7a042f02bc834 SHA256: f1e58acebb4f2363e5ade6c8d2bf3b6cf7a322bead88dfe68276c44526ab095b SSDeep: 384:jeCpsuIT2/bSAnbNZSXL008lr1Yq1cmEbX9A5u7qg4C:jeqS2/bx3ER81+q1wX9A5u7qQ |
|
|
| C:\588bce7c90097ed212\1037\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 16.59 KB |
MD5:
b78ae8a404bb523eaa3f89b448b5a82f
SHA1: f973d8a23bfd74c82d23399a5020091bf0ad6f0e SHA256: 9f4a1468963182dd572a034b855a5e6c5c50cc67a65387c35ac7d3781ed9a9d0 SSDeep: 384:KFQ+yy1nwecgC6Uf9pwuqt74wOLlMEEc/LU7a8iibbC:KW/yZwJgC6Uf9pWt71hEEEg7a8fa |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 75.46 KB |
MD5:
511a5ae982008e6303208dc3c5c4cb2c
SHA1: bf3b461eefa50d2e5351af358a38f25c4ec3f39e SHA256: 75f66d3a6d1aff2af365904851650bfbc261e5ab06b48b7418216a4912c70c2d SSDeep: 1536:SQ82HJ6Cz6tcSyViNNsDtm82I03s13PeZ8aqiyCgcD8yhSCiPNrT:SQ8sYC2VyENsDS53s1feiaFgcDdGBT |
|
|
| C:\588bce7c90097ed212\1042\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 15.09 KB |
MD5:
2b9c6ae3e85f4799189e897f231f7be1
SHA1: e501663dcb332c5f7295ecf65b8a076d4bec128f SHA256: 13d6556965fa951721f62cec3154d08e944ca17c4ca134c810f9d968c4302cf0 SSDeep: 384:kTa9k0glhtf6vyzf5O3rfcwA/rpcxYNepRzsVXDr4YO0L2DC:3ktlhtf66zROLcwA/a5OVz0YRx |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 75.68 KB |
MD5:
3477037a525363abf02a03f257b8e2a8
SHA1: 79ad8a1a09110e0411314f60b7d93b28809bf029 SHA256: 1434cce5793c2fb746ebc74352b230c1c94f006126c70fa8dc960e614758fcaa SSDeep: 1536:z7P3KygK+WhrJAG2ZMh1VSrA1V7iM/isMGJVfuA4J9fFzSvc8H7b:ffKyl+WhNTx1V/V7iGMGDfuA+IHn |
|
|
| C:\588bce7c90097ed212\1041\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 15.59 KB |
MD5:
949e9747c9c5a91989a00f6cbe101a43
SHA1: 54bd29e2acde21402ca5e16f34ee5f96017a0cb1 SHA256: 775f9303c3129b17a496577d3d6251d46246e6af8f60636898e076f9113993ba SSDeep: 384:xrMYlMiIyUZeqt+vP77B4RAHaH4gbiSIYmXKJ4/uG+TC:xrll7srt+vjy54gbiSIYJyuC |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 84.51 KB |
MD5:
6f97acfe5c92b9ff6352a7746d48817d
SHA1: fc8a13e93e8526b954b8384fa79a59269e5e19a1 SHA256: c3a939c1296e483f0f3132e8a7a4c424bc5b934a354bc864aed3bac5d56a7869 SSDeep: 1536:J8aLYplQ9yacilkrT7/SFfG9Cr7Ky8/smzSFMjtARaAez6pQcFJBpwMj:zLtcqmOBG9Cr7pueMjtFUpQcFJII |
|
|
| C:\588bce7c90097ed212\1040\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.09 KB |
MD5:
0e3f13732027cb66068ac70e83865975
SHA1: 40e22de503e0f93cd47c2a6bced2b9dac95ecdc8 SHA256: 5537445afc697d081abaf25ae53abe1bc32c2ab42b4988fbc769be4782152e1c SSDeep: 384:rxm9GE+idgv5pf87Z0RCGCiVuHmwpVHoDX0J1kFFHxJ1eTluXl29uMd0EPC:rQoYdm5hAm49KuHmwpdoDXMkXHZepu4+ |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 6.93 KB |
MD5:
3533add784ec32cbf2944ca7edf545d2
SHA1: c9c94a0aec85d1073a2d504c9080e37b346831aa SHA256: d5b353ed566acecf3b7440c5e68a8bee33e4df34141d4b0643d53bccdceb9000 SSDeep: 96:zQZAN9y8bpjaiqqQ756CM3z9UReDkOVLB11KuDkLO5szEr10C0jzRGcMpZI/:z5N7pTs96CMxU8kOppsOa+1wfkcH/ |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 81.27 KB |
MD5:
eb065b607117d2d2881ec0171c000962
SHA1: 1b6867dd023291d51a48fee66addd59955e745e1 SHA256: afca04099051f3506b3bb3bef42ad82f535478474d620dc1312c8d917182a946 SSDeep: 1536:VCl03k+xGUw5A4sZZe/uMo9q4/SL6mFdnny/lc5lcYZBMK3cLLhmInpfi6Wk:AeO/yFMyfaL6Gnk58Brc/hmIpfiO |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.68 KB |
MD5:
e0ea61311f682eed2725a8626f617ea1
SHA1: a8e147fe89c64513999bc4c9667b88fde505ab0e SHA256: 40145a89e1d9f6cab748bb0c912ffd9fb27033730d13c3a1ae095d111d75d197 SSDeep: 96:i4YSyuMqrZ4c6gibvgY8vPfewxlguokVo:i5aMqt4U4vU9ls |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 4.38 KB |
MD5:
6b36b20b74f254a3f824e528a6df21fb
SHA1: 741561368fb59f5d683e5942bc481f23ae611244 SHA256: e1b686bcb442555e3be30e9c2ebe6acdeec183a15c7b85462d830ffc15150af6 SSDeep: 96:gsvOGW34K0U70tJBlxXo7PTqkpkXEoI/SCfjyG44EKW:DvzWJ04gBszTFpMIqFGyn |
|
|
| C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.09 KB |
MD5:
a8537d5ca792d4520c23b7bd4563f057
SHA1: 94040a0f57a23a60d09ae45a1c7d1c10d5b7d504 SHA256: 29b946f387d8266f17df0f33f5fa170fbbb3479ffcb2a5ec230b38c905b7eaa9 SSDeep: 384:yq100OBm05GIyQbO3/6e8GBfzJImYU2KdQVSq627lcVU9C:vk57bOP6L4LemlmVzlS |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 70.63 KB |
MD5:
73f486fedae7043cc470ee102bb0fa80
SHA1: 95f1dcb9ca4d50b023a771b79059431d4ae2212f SHA256: 6b20ba25d4113ae844662b0351a2896c887600ae7df0a894747f7af042385405 SSDeep: 1536:aT0RuGUG7C49eFqXJdBb5m4LpVMJSsT88bJOWFYLAIOQ:Y0RX17CVOJdBN1LpVEA8blFsLr |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 84.66 KB |
MD5:
77ef4629aa80f663068b9a5996b0723d
SHA1: c1bb19bb17ecc16d002c9e6dd755666a44ef259e SHA256: 4d7f84e4f2f2e791cd482fbae0b789d22502fb814e4aa71b6fc714dc93c77c1a SSDeep: 1536:Wlxh5H2E014pnicDBG270F2RaWknfG332vSfAF+PxM0jskPzrPt3I/W2n:WlxhwF1I1DTYkaWknfjcC0jskLrtP2n |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 80.66 KB |
MD5:
658bd3efae532dfc6e314a95816e0352
SHA1: 687cdb40ef8edf81031fac008dc331a29608ba59 SHA256: 0716354f1a6d332ebda6628714ef07cd3924c4dc3e3fcaca99d88bfd90d222bf SSDeep: 1536:cA3ppG8JeIcX9/VelpKw5isS+r/KPoLkcHmpqtWtRFMnW:1fTK/VelMDsSu/KCTHmpq4FMW |
|
|
| C:\588bce7c90097ed212\1036\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.59 KB |
MD5:
9c4a2a9b32c9569d45b32eda73b968d6
SHA1: ef4995457ee18a1e28c95c2289be85f6c82c92cf SHA256: e3307217b5e097b3fdffef98231f46f1a9e3c523a3f7386f7b48ff7df691df23 SSDeep: 384:txI4/a9DCpQftJUzTXQEgGZgoEa5gUCptIO82dyED3pvk/5EvwC:nTmt23ZgWDEaHCCiluEZ |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 66.88 KB |
MD5:
c00395597d15117968e09c3f8b10d590
SHA1: dfcb238e99343422a8122e66e2cdadbc91d83ff4 SHA256: 08600266d8a2a3bac903fbececacafdd89fd206bb9735a51e471a16a40ed5180 SSDeep: 1536:o0jqiAyc5YcNINhp6OB8956pDnPabgHrvWiClVRewkhgL:o0jcyiYcNOX6OAIDnPa8rvWiFwkhgL |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 10.11 KB |
MD5:
6f70afe110d275b1b5a02094227968be
SHA1: 530dcf631f2d173d67a035b5454a2017714a8eb5 SHA256: 8be7c66cf75d2854df0289487e58842b295d91766a57a6655f8cc64e497048d2 SSDeep: 192:G2tiAmAgkzrHBlXvSU6ExcrtdxUO1Jj8C6tSO6n:9jmMzrhl6UXONfonSr |
|
|
| C:\588bce7c90097ed212\2052\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 14.09 KB |
MD5:
ac716ed0b53e5064db452a1ff666091b
SHA1: c7a95f34b5e482d49c4628a25f50a30bfafe14fb SHA256: c8fee2cba831f7534d52dd267163c2995a760217035d5a9b23e2ecd0f21017ad SSDeep: 384:oloXJrKnE1MIafhHsp5kVLQnpCXkqGPQwIE/C:xeErafEckpCXkqGo5D |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 12.61 KB |
MD5:
05778a215d53ca635608462973810044
SHA1: 6ffb1948eb1cb8b2db1651ed124033e4a11cbecb SHA256: 5d81ba706949974fbf500b5e7639ea5127693e33b34bae6fd168ea7f11db9938 SSDeep: 192:l3ohMGYQeUlFBuEopjRJ4UEago2EMPksbq+NDPOSGO8qKSLtU2MzVNM9U:l3MlYQ7T4EolzZAR3qYjKScXyU |
|
|
| C:\588bce7c90097ed212\1053\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 17.59 KB |
MD5:
f0c8b4d2eefaad3db08b4f2391f0722e
SHA1: feb5018f9dcbbd11828fff74d61a90bb57949b3f SHA256: 4efaae1c544126490b5181ae4d38361bd814d3c107b50ed4606637e1ebf8baab SSDeep: 384:5VUigqpKSMzVQ8PEeUHQtuTaNfLEHQMzOwKEh3Mu3AyC:5V94SYQ880Oig1zHKEpMu+ |
|
|
| C:\588bce7c90097ed212\1055\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 17.59 KB |
MD5:
b577e7f6b46fcc051a47d998084187e4
SHA1: 2118a9d73a32489000e9314962e0db95b65c1bbc SHA256: b20a43705012e4c6b3dd83cd235f421ec61af8d1521ae6a34a6ccf138f6ba548 SSDeep: 384:+Rq4r3RDuYAJbznkmE7NEY2ps7NLpcOeVBTl0sor4MdErNC:qDuVJbbkmE7As7w+rrCw |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 63.96 KB |
MD5:
fbe958bb7d6f65392d47bd151965ab30
SHA1: bbbea2f9869e30648749224f46459281a1a0b15f SHA256: 24b3645b81c1fabfbbf1816ef9cf105560355a320da69cb3b345f8da9e04ff74 SSDeep: 1536:jFgiRJpn95v3/UAX2ohYviChmZPNZvtqKp/Q8Dx:j5xnfv/zX2oyviC0PJqKpJ1 |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.69 KB |
MD5:
b4d17c75c5c75c4f7ec8081c76592d6d
SHA1: c790fc4415507f80bfe579a9f49e8177ba4d77f3 SHA256: 4621066aeb48daf16950f8def75eb5ce4df9a1a85306719870284760d3742b05 SSDeep: 96:YgIHdU4IHW2lHiwxi6qePdra/AYCAGCqDJXqINoPiIRp:TI9U4I2Si6raIbAGpNXVoPiIRp |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[basecrypt@aol.com].BSC | 86.71 KB |
MD5:
756fc9b6eee6a2030c37b3ea60b0dca7
SHA1: ce48ecf3a9cc3799e6c563e6c4362aa6e43027b4 SHA256: 92c8ef9a0efde85a7d5886e0c5389a93efbc0f4a3bb17c024a4d12ff831a73af SSDeep: 1536:6QyZbe0eUSPA2iLad5jYTMghItbo36ggDzGVWj1Q35vivLzTWdgua+0B5UK:Ube5kSkMtk365aoQliDXA/DK |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 78.02 KB |
MD5:
90d1984785dc29fc0932f6fe35942efb
SHA1: e1cd6a15008d7e3e09c6db0301c53df62a467d65 SHA256: 04efe6b5b63408c728387ef6fbf10374a18433c02c12e2ba7c6983d2d1bc4020 SSDeep: 1536:s1HNp7JAbxGaou2rnHBRxZAdmIgtEDKBlVXkxkCEhUQD:IxAbAaT2lRoVgpHUU |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 78.43 KB |
MD5:
5c66bcae0e310e8d6fe752aa9a27b6c0
SHA1: 6f3fe8f48f50fc1adbb8d540325350fc82fe1d45 SHA256: 415137f8d46381f976b58ae9cd1f7d0651f920c80e07783db4d046a8c60819fb SSDeep: 1536:LdPbOjbev/4LHkJgA6/PE396U3+V96YNlnMAuoKsMPCfX9qVhCwsqqqevqWQc:VKXeoTx5Uct9lNlnIoCdhNsqYf |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.79 KB |
MD5:
c201f5f1263e181a2678d800aebbc7a6
SHA1: 43a8701210df436d5c61dc2ccbe031545d3044e3 SHA256: 9d35cc15823bf8e4691e8fd8f19f58b40ed493d3acdda8ec460adcc38102905a SSDeep: 96:WGsbBM4kFFnITf4vUP+Qc2/rlDs4moI3p1Mr:WSrXvwL/ZDs4ZL |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.21 KB |
MD5:
4b9762de2107b6ebc21377a783e12444
SHA1: c41c50fa03301ad855866af8810974a32c922db8 SHA256: 86d484f98495da02478eded57cd4fb783881d526b0a0095df6fb41c0c38a3437 SSDeep: 96:66UN1yc8qsAilfLDMlwM043o7+TAnhFsZ12oXi6Mx:6xw0ilf3AZ043o7+UEri6a |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 77.69 KB |
MD5:
1fbe7b1e3696ecc04eed44264f3a09c1
SHA1: dc85cf75c716e3f0e9cb1344f0b0ea8cea5ef4d2 SHA256: bfb5d3576bb8138b64d61a612ec40e9b6991a6fa20976bad2b76b1c581b53c99 SSDeep: 1536:b5H5aVivb7fBvedPWQ9Y83NqVH9m916jvUy2042ckhjhxlqVGoIAmH/:b5/FedOQ9Ye801kjcMkVnmf |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 4.18 KB |
MD5:
2323cabedf74977f4d6231c1fe11dbbc
SHA1: c95f7d9ee070a69ebe8a3f9cd4450bb92d5ea964 SHA256: 1a233d34f81c9eb5276630a341fd557fb9b7cb287fd17ff72016d919e3ea2db8 SSDeep: 96:OJ1+n63j8/JEGdmR/jkFwN4SJyXSbyv9ZYZvoymwtmaOcF5:OJum8/J5IR7kGdyXaZoymyfNn |
|
|
| C:\588bce7c90097ed212\3076\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 14.09 KB |
MD5:
63dcd3afa1ac68014c2f231855f0ba61
SHA1: cbe4810121c36e9403fcc4010e5a7f50e9b52952 SHA256: 862efcf07c54ac071e8105ae579b77c2dc1b1f2434e56f8b12e32928f25df675 SSDeep: 384:iZ3yJvzJwin5aNOEoDEk51OSMnU6xlf/AJDaTyDcly/xYhhC:I36DnENO3bKU6xOJDmitB |
|
|
| C:\588bce7c90097ed212\2070\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.59 KB |
MD5:
62badf2bb66fd1a9ee6bc4f2db83662d
SHA1: 6123edec55ea8eafa03147bb48f67ecc9e32c6c1 SHA256: 853cdf939cb8b489ea4a04bf40772ef47e95dbd920cdd0bd2c5a687d133e1794 SSDeep: 384:9JNQ5oEawSdQOrEoGhmaVmCOsUhihUmOkxQ+nwpc+1G88HB+aqzLzipC:9bPEaFgoveWsUs2G1M488HQaOX |
|
|
| C:\588bce7c90097ed212\3082\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC | 18.59 KB |
MD5:
0624ae84df7bda8a2500fd11d083bc96
SHA1: 7791f0b5b714c547e1c24fb3b0e0e3f242b025d0 SHA256: bf97b16fd40035ec131f867eb36962167a0c75dbe87256e63a923ee80b86c2f8 SSDeep: 384:ZeJQ7s/W1loXeav5XBDBm12Y+u0VY20VniBD0PKmna1saLYv9qrJKUuWJi0JC:ZBH1lmewXBDIzpVnzPq2I4kzJi5 |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.35 KB |
MD5:
3396bafaca5fb13b702ada64e40320bb
SHA1: 52e6fb3f1d587011088d7df1ff14148eb36b9191 SHA256: 82898e9b11b492b663b126e15d873d4f8096ad5a612a100cd0a20b6606172d16 SSDeep: 24:B+XHkewVQqeW4jujDZ70ZEVvbMjj7ZWlQv/xORiSCLHne:BwkN9DZ70qNbMjfZR56 |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 80.69 KB |
MD5:
63b1cceda2a46bc89cb226f16472591b
SHA1: 9eef610030daf8ec3e65c9d9c395b7b894109d39 SHA256: 418f1924abcd25756ca577bfa9f0109b5cf7a81be9314928872d5b17b6ae7848 SSDeep: 1536:kwbExngEjnziC0B5q5wnadpL78Tx2uPXECVGtTMFoGuol:rEjzQB5q5dd78V2uPZV+T/g |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 53.41 KB |
MD5:
4c21bd3d194a214a5fb698b7b2171155
SHA1: 0745347ee06bdc07a80d4b2d09a520b9f4a40b13 SHA256: 757224cfe67c6214a275fe454b5ac99fde432f5cd1275c48fcfcb854a0d8f8cb SSDeep: 768:FtvEoNP5xW1pykKOuno5LlksoHFQFRkBtwKPeuCvU0glb3EIBt7BMOckFn7i2m8L:EaREykSnZFF7euCG+jDkEqIW |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.10 KB |
MD5:
2d19a4510e29c2cecf7639312c6a90a3
SHA1: 5b070c28e71fb31232df06e9e55231849e372adf SHA256: f5474cdb5e17bcbfe251ab33ced80c4ccd0ef283f804b0e2fef249929e28142a SSDeep: 24:irin0GJeJuT1NdxjfUdmNV242GE/6pVmSCLHny:CicJuhNfvP2G252 |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 3.83 KB |
MD5:
4c8d8a385a9792336c126213e692a060
SHA1: 8d7c5e1faac68d7a6596c6b75b4099865bea53c2 SHA256: f71e387b8b837f9aaa327e8606e1c11909b003c5cc6d6f5d259416fbf82d8249 SSDeep: 96:3wPrewClJ/ePy1KjdWZySLbeZRQ3uDkzOhh6CCsz:ATRCloPyYjdcv28UPh4zsz |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.10 KB |
MD5:
0c3fadbfa98d0954bad3b96b5d68a1e6
SHA1: 876b3c9d909d71672739b9b516477a4e2d28b5f3 SHA256: eee7fa5d14877ddea617875aee2e9fbbf6bf2bdd0c4c974ba8956366be62328c SSDeep: 24:PlVjS3DjRngppPrycQ9RDvLQB/oY/Nk0kFCESCLHny:POTjRgburN8Y0Y552 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.10 KB |
MD5:
22d3f4b3fc3baffad03273909c5686e9
SHA1: 2b16d9852b044df65c198fc90425e586834d882d SHA256: 3996214e9da6237de16dbc7dc6296a69ba3c47b630c76c2407d55fc9490aaa41 SSDeep: 24:DwcMsNqp5vGt6v2gnwMPLnjlBpIUIhbXXFlTy1SCLHny:EcX/ivLnKUcbHFJy152 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.10 KB |
MD5:
eaad7535691ca64fcb58ca8754b060ab
SHA1: 0e70a76447a750849f8252cfdff9764c0fa418a9 SHA256: b15afdd27b090b524a7dd2074641c76dac326715a6221653c76580a29d3855ac SSDeep: 24:tYq/lAiPoJXIR/tYZSbah+jfZCVMukhSCLHny:tYAANXIRGZSCyn52 |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 79.10 KB |
MD5:
de9b6f595f0de00617eb525afbb38107
SHA1: 7512d00159b2cdd331824a85fb14d47004d2e501 SHA256: 43be02b835659a4ac355f3c53e555bcaa5a8337fd42a5e2e5042e8ad55dd5a49 SSDeep: 1536:6LQS3styJPvNa2mFKwDfXjp+LcbA88/i5m/3IDv3romz+pkG0Iq0Hv8:6LVX11anKgf1PEkm/3Iz3ro08U |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 4.00 KB |
MD5:
49ecf1426ae491be09c3eb17c878b875
SHA1: e69b32adb80f0b6c18db3b4a8620a1d9c6a586fa SHA256: dd336508e0e3268814762a6138d691402f6e7d80d148644b12c8e4ff4a406122 SSDeep: 96:rb1YyUj/femMyE18YWnFJZS18+NWLTCvfgu/rMgG4kjv7:rRYfj/mhyY0TkqdLTufgwrMgrm |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 79.82 KB |
MD5:
66ca9cacf32fe5faf0d8c25e55ccd622
SHA1: 2d9e289d9bbff09f5ebd30d61e40893198e8992b SHA256: c4748f121c9a27da512cfebb0262d9a345525bebd684f9bfdcd10914aba5b043 SSDeep: 1536:yoiHX2pYLNJCf525qhUxfIVzrTZIuwsksjR3MgVxzp2+Dd3S/dW:QXkYLjCf52KUeVzrT8shRMSxzZd2W |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 76.12 KB |
MD5:
d3ad18b922338b61648daa8e53d6445a
SHA1: 71d6c2e85aee83a426b39ddaece1a0733e11dd25 SHA256: 4d717150c5b64c550e381448b61f2ca3c0e091048c7de84b63f451d9fda5ee5c SSDeep: 1536:3Z7FErjFZnr9KsKyjaduRs2xbys5vomomM1U9Sh9iEc2SFGLLwvhx1fS2yrtBqyd:p7FQ9HKaHs2xbJ5j78nt5I/BS2otBqLK |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.10 KB |
MD5:
603e1d0a11338a63b88f8b0c9acceeea
SHA1: 2b70ecca5b822061392a3f88fcbaede35bb01f3e SHA256: e931c7b7628cdec68442a63cdd85b5d219045265ed2187f55267525732b96e37 SSDeep: 24:BD2aUT2LhCJ8Y1Niepl0RVDUsJ1eI561kZoixCPplUIfjIVSCLHny:ZvU4CJ3LJ70TjUIAO/xCjfjIV52 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.10 KB |
MD5:
0e8688f4417e06a4b88f50f954209a5b
SHA1: c0cd4be455e96e65009acd2f0473c394e89c2bc0 SHA256: 590a63c5d20a9e012e4b103e8afdd181f6eda28c29629e5b5a6514d1fdac784a SSDeep: 24:6bQ3irZNr0ZKgd3Snq5E1u9Mia4brttlny0CWjriDFeTqSCLHny:OPrZWZKY3Sq5wu9M8rDRh7rgETq52 |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 4.00 KB |
MD5:
13998da0af7abdadd563371c8fe13d6b
SHA1: 2cc090bb4acf4d1d85659c2c2146115924400d7b SHA256: 1e70f68756f0093c7ef75d005a52c732e9395027f8df441e65c1420bdb69cbe6 SSDeep: 96:Thm9lvhNi93DyOKA1PvGMMRqZzgH5TwQP:TQJhNG3DyOKwL7/e |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 5.93 KB |
MD5:
4a8c05de7534f2b2d65d1b60063269f5
SHA1: 1fdaf2f80e8ac0dbe2dfa42abe31ac6f5c4b137a SHA256: 08283568f9eac3b273e38a0d030d2955cfd796f4a25c6d0b7421f12ae835235c SSDeep: 96:IKwDk8yijx1AR6GKlRcvbQvxSO+dyFChNL2KulIOJTnhjp+Bd3ad1lohtJywBmST:MDrtjnhFUqPYNS2O5n1Yfk1lohtJywB9 |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.35 KB |
MD5:
ca89138d321811f3e6a497b19d402cae
SHA1: 363fbf4b1e8bb0dd515545b326289c9e50937f6f SHA256: 5d8afbfdb6ce50af6ac7f97cc71b0eef457419c74fd062224c1f5643f1b31a57 SSDeep: 24:+aAPDAqZiv0V68Me3QuJ9i8n/gK/0jQnlQwnMU82ySCLHn0:yPDPixvuJk8/gKbhMt54 |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 75.27 KB |
MD5:
1da4b33eaa29b267d02cca2c78dfda1c
SHA1: b85d52dfdf4d4f161682f8e333df5b3db0bd7127 SHA256: da924e35a215d0f734b8fef2605a5a81383a193e82858335e8c982ca41128e89 SSDeep: 1536:p4W9rYvwkKuQTgMWfn4tfEjF1cYzSixBK23scHvFAaiN:p0wk+btfeXpvKAPFLU |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 59.51 KB |
MD5:
871d01dc356a44eaa2cd1ea6c9ccfd0a
SHA1: 889e2e5f19230c6067437d3ffcbba35b13d145b1 SHA256: ac695209cdf964fe085d7360c4d1b0062d4ae00d61a1c666281a01bda8cae545 SSDeep: 1536:CCgkf6JmCtLcrTYMa6Pmz22WwbJXHQD2VR6Duw:CCyntL8TxyC2WwlgI6Duw |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.10 KB |
MD5:
624d87af403707ac43ef1f4ab3cc7caa
SHA1: 5314662a381f8afe8358a9f099f3aad6b98619fd SHA256: d3072f9f218354e7e627d5a867a6e4e60f83c658439597b647f29b91924b9b08 SSDeep: 24:UQcd5skklQDUkq1f/VAprLuaMKxuCaSCLHny:m/wkBhuJn52 |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 6.39 KB |
MD5:
ea678b8687bc94c896154f14527018c0
SHA1: f7f0377f8ba9446b0206172d84c1efbe9b0d3056 SHA256: eeca04e3be360dad27c8a284e1a6963912a7e630a7d7aa1f6bdc66e6989bed3f SSDeep: 96:IdAOOOmLtonWsI4wMo/SMUb/wITvxWPOO4r+GQVCguRILr1i/bREYHN57fqKY:IR6paWubb/wIjwPOO4r+BVGRIMRZt5D6 |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC | 4.14 KB |
MD5:
d98e25eb60c8d060c6ae00bc442c286c
SHA1: ea07e3d899640838a31f9f60837cad5aa0b2fb42 SHA256: 906a1bd6b5275c7a44151372c7024659c05495ff2a87f50cef87f80b032b1b47 SSDeep: 96:XrgEuMKbUIY4rnOyowFEvBQe29FKnBuIJaUs811P3PBJQmc:VVKb5Y4bXoBvBn2OnBucL1dQmc |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[basecrypt@aol.com].BSC | 36.08 KB |
MD5:
7fbd4145bd4abcc7b179af391436d41f
SHA1: a8694ea97bfeabadf78ae0b863305b0de6e19aea SHA256: 1546518dfb1df204d6907bfa4696345135fdbf56a629ec6efc1c53c9a3511f46 SSDeep: 768:lZU7m/1baVvsvLafT3Htt11ueG5hHAdVIyTQxVILz9IAlIbuR:sZQGb3z11ux5hg3RQx+LzZKuR |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 78.62 KB |
MD5:
e917455ecf7aa00665d3e934b7109143
SHA1: a806493275d5e8e7557be13b55fccce09d384ebe SHA256: 3bee165477c7db6d392e904270dca85346fed0e642337bf3b2cd1a0d796e99de SSDeep: 1536:xcIHghltYlc2M7b/ykXwU8LhiiVFu6X1VVlJ00hpWpZ0+jPhfrVV+G5:xcIHghlmlU/RXqhiiVFNvLhpWT0+jPhz |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC | 59.65 KB |
MD5:
3079c8d2c02c0903026d832e17773206
SHA1: 693026ba8f57117ca36c2cda9982e443160c19e2 SHA256: b665e34155a0a334368e8bcb5af0501f1d9a0c7e37d970fd8605bd0611c8d782 SSDeep: 1536:8RRVkUuRPpBDP4LDbcX+h2lCgdzHScoawdXrgu4uHbn:8kLlEC+YlCgdzHSza6XrgI7 |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id-B4197730.[basecrypt@aol.com].BSC | 1.36 KB |
MD5:
e50dd5cb1265a6fd85bc31f4d3badefc
SHA1: 9eac6fbfa34ddb3ea34781d7369c5a2d5bc1ebfd SHA256: 9587dd58d6ae5f006ce19601c080b87c7b828ba6f8c8c61d65f9dcf9f2032b36 SSDeep: 24:pozyg1eVmwzeZ5nHqVikh99dzbziYfzrcRt8JPHCR2fYSCLHnGn:piec28pqVis9LbzD7rvhY5in |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico.id-B4197730.[basecrypt@aol.com].BSC | 10.13 KB |
MD5:
5264ba569b7286de5f83cf0f002d439f
SHA1: 287bc7a24ebaf81e7758a4669a5f634dafc76666 SHA256: d10b1057ec2859473072570f9971fbb7afaa43d2de5483541b7b8f5e614e840a SSDeep: 192:04d5SVn1ZSMCQ9FCpicwgFwsRWVRKUvKghnOZ7a+V+8LKm:teubQnEiAweU1KAO5a+V+8LKm |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico.id-B4197730.[basecrypt@aol.com].BSC | 10.13 KB |
MD5:
85c04e9bb650f157acdbf6a56050c986
SHA1: 337347edb1021c416c9e23ba1c6778ed557cbb47 SHA256: be1444894f3e8cf06204558f0a8026c1554ed7474145f224c49167529b82e7d3 SSDeep: 192:UHbUHYiiSmwRo7+qvssIozVn+YEY/NPmMVzBZjOPsPm:L9iSpRqNpzV1EYuMVzvOPsPm |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC | 197.32 KB |
MD5:
8525924b6e7ce233c1e8380475d0fe94
SHA1: 1567e947844b9db665f697a70fe8b3d7c3d04741 SHA256: be76856b3f91e269c57e7a7d472fb450fe1bc184843208a3c630d2b3833db1b3 SSDeep: 6144:+8uyBonelSw/a9I7z+QI8ndd/pAEN2fD2WUJ4dd:+eoAVOIdd/lx4P |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html.id-B4197730.[basecrypt@aol.com].BSC | 15.99 KB |
MD5:
e49ec88599ab320cf56f3d94027dbb9f
SHA1: 0d89011f997e110ec8c5ef09c0f7677e2a9bab63 SHA256: cd025edcbe173c84fbf21d526af38b47b1b653528d8c827e224f0dc1a608ef5b SSDeep: 384:8dbigwzDDQSelWR33X1xKagZjPxc4aowrTg8VDRNAeYEF:wdwzD4lM1xczy4aowrTgSN3YEF |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC | 91.38 KB |
MD5:
eceeb8bb954d8561ac837c349b6082ea
SHA1: 8c0413226f056149e1f0b405cce13af567de4607 SHA256: bf71144a562cbd75b9abdb0a3960dc4f0c360bf0b1228fc2b7eee527a67c8e9d SSDeep: 1536:k83MauIuZL5Fs/vKTuaujeUAyhVf0WPmCr3d331jWki0fcJ1mdKBYPt4egxCLN:k6BuRVFsIDYzhVfXj394krcJYdKW4xCx |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC | 38.37 KB |
MD5:
ad20c1947b77072d5b2b1f0c2f1fb598
SHA1: 82ec8756782edd9b9da0295b178357c82a456b16 SHA256: ccc209a7fdac671caa5172f20e7f2d319454a2bfa2ad7fd40f40d58ce4b70bd2 SSDeep: 768:+LCKZAsEERoRpos28DNTggbygH4zTwzXDRV/johD:ICoA1sL5eNTfbyuxXD7e |
|
|
| C:\588bce7c90097ed212\header.bmp.id-B4197730.[basecrypt@aol.com].BSC | 3.77 KB |
MD5:
32ae5c70a84da0b7a682ef5a17bc1494
SHA1: 4b8ee4b004d3137bcbc7fb845863a918cc873435 SHA256: 2db63066550a68b9daf91baca1dce9e90a5070eeb35a55b6afc3f93b5db71272 SSDeep: 96:v3aSimMy2LR/a7Zg7XCsfq82iR+rJ0bx1RMI+W:Paty29CtHsfBkrSMRW |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd.id-B4197730.[basecrypt@aol.com].BSC | 29.65 KB |
MD5:
9dd10b5c9e98eca84ff47c0444c146bc
SHA1: daa12f29ba9b1b033b5456ee2c009ba6a8a9446e SHA256: 4694759838e6ea5b8b03be093f6812cb24025757b4663803abafee87c7dfa6c1 SSDeep: 768:jdF7ZQZlS/YrNTMwdDVWx48kSipuvBAUzVWz3ASO:jv7ZQlSQpCx48ktGAUBB |
|
|
| C:\588bce7c90097ed212\Strings.xml.id-B4197730.[basecrypt@aol.com].BSC | 13.99 KB |
MD5:
66db1eeab3cfa23886794f662a81831e
SHA1: e8d0e28d96c9487df6affee2aa45d72332097602 SHA256: 931711a12c09926e9fb5626ee3ea41567c4701cd8d19463c7ccd5e1be6fb3b2f SSDeep: 192:UU+d8nBt4oEdT6rIx6sWYx3exyrFmCYcseWl8pyZRALoEK3uC0TLHkm/Rt6QBDlA:UpkEddx6sVrFlYnuURAcHpgLdjf+g5e |
|
|
| C:\588bce7c90097ed212\watermark.bmp.id-B4197730.[basecrypt@aol.com].BSC | 101.87 KB |
MD5:
c437c1daabb7f87ae40fc0817440c59f
SHA1: b2b6daa09e7e2b473fe809fe146d26fb894f548f SHA256: 2be75baebb9dfb1e1a725d826dfbe48bd17f0af4e00b8cd9572340c36499656a SSDeep: 1536:65TNd1svDXobnhfYbkL5y3NROweEdM8Ecdc6GrzcShJLd+VEScwvKkV6nrMegql:Q7CyfYbEy3BeEe8E96GH7+pNArZ1l |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[basecrypt@aol.com].BSC | 1.11 MB |
MD5:
786d48cc9da497358c57771fe74403fe
SHA1: 8f604d5e7840febae5f40032acede4435404c560 SHA256: 62257ef060d0bfed87769572b06af81146883b02d48fc4c76ff114a3a61fdc3c SSDeep: 24576:l89dJbPNYdd/7PE9JWWrlJXEziJQLSnnKtipeK2yFI0rMAJT:l89bPWH7svrkzbSnnKyeKq0JT |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[basecrypt@aol.com].BSC | 173.83 MB |
MD5:
cc75e7bda8993fedfe1a6badcf08dce7
SHA1: 9f7920f930c3874402c2d3c14535e2bdd1fe4eed SHA256: e104262286e666244be9b1244b073d074f316420ff783d93d664a93ea8c7c99c SSDeep: 196608:GV04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:z4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml.id-B4197730.[basecrypt@aol.com].BSC | 265.91 KB |
MD5:
dafff3e20826d0d143ed37f5bb89e65e
SHA1: c933fbf763056ef650b51262184bcdd0a76515cf SHA256: 3f872aecd21a73f8f27b8cf274bcb6ffc6faa9093f801400a0db92933b271192 SSDeep: 6144:2o8XiLAoW2Ss6Afw/2qOzd/LVooGW4LXWPudk3FOXBsXAf13YVx:2fkAo396+Vzd/LVR14WPudk3FWf13ax |
|
|
| C:\BOOTSECT.BAK.id-B4197730.[basecrypt@aol.com].BSC | 8.25 KB |
MD5:
a50cfd068de93719ecf048e098fcf6b0
SHA1: 34d8a761f2fa6d0e039deb8e764988f695590041 SHA256: a890b693e856dfd56374c55612c5903c87e01d6eebdd541a7ce64b7ed73b0d8c SSDeep: 192:oQDsY0BQLcsk94jtMmnpaWsU9A9TseihClRkTZLCE1cv3Lr9:ojYVcsRBMmn10jkZO3vX9 |
|
|
| C:\Boot\BOOTSTAT.DAT.id-B4197730.[basecrypt@aol.com].BSC | 64.25 KB |
MD5:
df133c2738ecb4cc75e380d1f780a8b0
SHA1: b8af0a8eaea4f947f691d8b8455dcf45d59448c2 SHA256: 5869de22f3ed41add2008da969c920eb53a8902b2f782525f5ea277286f438e1 SSDeep: 1536:KmDc54QFLLs/pI+PlzqzcZs4ITdnjlUU9LMeAe/ds28k:9pQq/Xk0xITdZUoe2D |
|
|
| C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id-B4197730.[basecrypt@aol.com].BSC | 4.30 KB |
MD5:
d82edaec6c6435c7a6b81c48e4100015
SHA1: b8416e3f17c77309930ddc2c2579ed84c4f20984 SHA256: c139b985324f98600d4e891cd1d96efe963ee8ea2546d546c830718b53d84ca3 SSDeep: 96:SQ1vdCNCGfIKWeX0Nf41jWoqYhrooOSPuRZn5MJjv4:SSvdrG814JzRpPOIuRZ5MJr4 |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi.id-B4197730.[basecrypt@aol.com].BSC | 2.56 MB |
MD5:
8da1e19262a441087751aeba6db97bef
SHA1: 25e74a72f949aa59d6aff7e06ada81a018fd54d6 SHA256: b1acfcbaf73e21254d47ab3299a36a0db8b3640b6b407d3d129af667a21223a9 SSDeep: 24576:nc+BQbPyxbs4rONS5voMfjhOGxV3rLQ13s18k13bePcGS/uLUFhJek9:ncxisfQxoMLR3rLQ1mjKPouLOyk9 |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi.id-B4197730.[basecrypt@aol.com].BSC | 180.75 KB |
MD5:
6d5572bd81786c5f6cb2bd9f3bf67b93
SHA1: 102bd66a2795bf2c89dfaf35203c3092b8e5df81 SHA256: 718ef8442a3f52e5e71aeeef460b449e452d08a68d400c4b7aa8a035bea64ba6 SSDeep: 3072:lIfgp9o2QfkzbyKJ6y/soqDy+WPkFxWBZT13pTarb6jJt0SmDdk3qYS:ife9HCkDQIZ2WPkzcD59tADIA |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi.id-B4197730.[basecrypt@aol.com].BSC | 92.75 KB |
MD5:
cacec1dfa92adb411f8dc2d99c0d8d66
SHA1: 9cc8e0b2d4b57a4550289eaa2b43f4f85d81c3be SHA256: 22110fe74bf6a5756ec254cfbc6c6370b9bfb38f808cfab66edb317a1a74d85f SSDeep: 1536:lmoDhCXD0GfuY1/XxPgruSTgqwzaVeqvsQnCqJyTjzIo5b3b30+YxgJV9Mw42Bi:vFcnfu+XClgqwGVeqiUoNXPXi |
|
|
| C:\588bce7c90097ed212\Setup.exe.id-B4197730.[basecrypt@aol.com].BSC | 76.55 KB |
MD5:
6e52d9d80f63a6462ef1fa303ed03be4
SHA1: da52d54e836d1fc01f351273858c3dba2b73155d SHA256: 6501a45a3c2bd4590fc24f68262dc0fdf918fc4c9d0e68fdd365361fef2543ac SSDeep: 1536:5GH7lektW5KbGeZL15zCfXeinlTELcIxPJ92m3laFzGjIJiIODWWJvQaU9dlL:5+7lJumGeL1AfXeyKLcIxPllUCjI81Ul |
|
|
| C:\588bce7c90097ed212\SetupEngine.dll.id-B4197730.[basecrypt@aol.com].BSC | 788.58 KB |
MD5:
5e189e6fe98848492b26da76bb7e5bd9
SHA1: d8fbe7503f826b5899ba084356b0c595e8344304 SHA256: ad20abc8eb9132d75a0d0e15e6474c05f12eabefb6bcc1488cdceb871f4ad2f5 SSDeep: 24576:xeqmHFGgs/iAhDpOAynnFxwQj33vPTm8yWs06hHXa:xeqmHTwiwyTfFs0gHq |
|
|
| C:\588bce7c90097ed212\SetupUi.dll.id-B4197730.[basecrypt@aol.com].BSC | 288.57 KB |
MD5:
1f2c40f7182bbdad616b308e471aabdf
SHA1: c0057a40c5a3dde9ad0787f12e2979bb14ef541f SHA256: 5f0c6493c2cc54accc888b5b0701bb1251374408e9205f3eed42c472449c6ae5 SSDeep: 6144:m5bjGY5QXc20fwOg6/VWUPSFmlEYu0DD13LLhsVUXc8eiPFxIoyi+1/EHD:mvBM0fwOdtWUKFm40vpLLhsVgc8rIoyW |
|
|
| C:\588bce7c90097ed212\SetupUtility.exe.id-B4197730.[basecrypt@aol.com].BSC | 94.08 KB |
MD5:
8b0ca7b6fe7a2b74385a7b7059bb61d6
SHA1: a750ccaa30480bf21164ad421595dbb4ff5c34f0 SHA256: 649f5814f075e38aa7a1a2a1e731b8a69a95af63cfc99986ab03e28a5af2e781 SSDeep: 1536:C3JZRiNFfTuoRzkr/e2b4Afoej4o2WQnackRcDBQHq0IPIQskLj9mKCdrlBCxf:C3TcNZCaIre2b4AfoK2WP/RcDBQHq0I9 |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC | 5.61 MB |
MD5:
b0f044b39342e4e479fd3e9bfd43f6cb
SHA1: ff63f8c17da3c2caf420d73ead7f4a0c0d7811bf SHA256: 459575b8a8f62676c5ce92cb6d81337bd8d9f39ff4e1eb33987fee4e47afa50d SSDeep: 98304:Ef0pKGBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDKm0mUS6:27GBHTK8KXZ4UuY1kB1iKFKdmz6 |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC | 5.71 MB |
MD5:
9af49a540983c2af109df3e8362e3f88
SHA1: 1b572bec4a1dc22dc7eca4957bb8639a859a4dab SHA256: 3778b1ba416fc1043afc61e83ad1f7d463095da326f6c68a25933f42fe130dc0 SSDeep: 98304:uuEAUjb7BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKgS7jPaV:e3PBkOK2Knq45mY4H5OMKkKgS7jSV |
|
|
Threads
Thread 0x48c
430
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x75ea51b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x75ea50d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x75efee40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x75efed70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x75ede500 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x75efef40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x75ea5090 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x75efef10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x75ea3cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x75ea4cc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x75ed32c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameA, address_out = 0x75ed3780 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x75efeb70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x75ea6c70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x75ea6c50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x75efea10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x75efeca0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x75ea0d20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x75efdd50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x75efed40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x75ea6b10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x75efebb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x75ea6760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77bfb250 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x75eff090 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x75efed10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x75efebf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77bfb2d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x75efec80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x75ea6bf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x75ea6bd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77bdfb90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x75efec20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x75efeab0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x75ea56c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x75ea46b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x75ea4a40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x75ea5da0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceFrequency, address_out = 0x75ea5dc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x75efea20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x75eff100 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x75eff020 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x75eff180 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x75eff130 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x75eff0e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x75efedf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x75ea51f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77bef630 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77bf2dc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x75ea57f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address_out = 0x75ea4590 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleInformation, address_out = 0x75efeae0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x75ea4610 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x75ea4430 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x75ea4410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x75ea5cc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x75ea67e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x75ea54e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x75ea67a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x75ea5010 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x75ededc0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x75edf8f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x75edf750 |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x761b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x761ce580 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x761ce5a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x761cf530 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x761ced60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x761cefb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x761cee90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x761d0540 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x761cfa20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x761cfc00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x761e26d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x761d2380 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumDependentServicesW, address_out = 0x761e2f70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumServicesStatusExW, address_out = 0x761cfc80 |
|
1 | |
| Module | Load | module_name = user32.dll, base_address = 0x74b70000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x74b9f210 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x76480000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x765e4730 |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x77bb0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77c22070 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x744d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x744d2640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x744d2790 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x744d2410 |
|
1 | |
| Module | Load | module_name = ws2_32.dll, base_address = 0x746a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = WSAStartup, address_out = 0x746a5b40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = socket, address_out = 0x746b4510 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = send, address_out = 0x746a5030 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = recv, address_out = 0x746b0c50 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = connect, address_out = 0x746a5410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = closesocket, address_out = 0x746b0910 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = gethostbyname, address_out = 0x746d6cb0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = inet_addr, address_out = 0x746b9160 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = ntohl, address_out = 0x746a49d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htonl, address_out = 0x746a49d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htons, address_out = 0x746b8ff0 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 16068205610 |
|
1 | |
| System | Get Time | type = Ticks, time = 160656 |
|
3 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_AZ4I6DA, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\syncronize_AZ4I6DA |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_AZ4I6DU, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\syncronize_AZ4I6DU |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\reaitek.exe, file_name_orig = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 32767 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\WINDOWS\System32\reaItek.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 1048576, size_out = 94720 |
|
1 | |
| File | Write | filename = C:\WINDOWS\System32\reaItek.exe, size = 94720 |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, value_name = reaItek.exe, data = C:\WINDOWS\System32\reaItek.exe, size = 62, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 83, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reaItek.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 1048576, size_out = 94720 |
|
1 | |
| File | Write | filename = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reaItek.exe, size = 94720 |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| File | Create | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\reaItek.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 1048576, size_out = 94720 |
|
1 | |
| File | Write | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\reaItek.exe, size = 94720 |
|
1 | |
| File | Read | filename = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\WINDOWS\system32\cmd.exe, os_pid = 0x9fc, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 65 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\reaitek.exe, file_name_orig = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 32767 |
|
1 | |
| Module | Get Filename | process_name = c:\users\fd1hvy\desktop\reaitek.exe, file_name_orig = C:\Users\FD1HVy\Desktop\reaItek.exe, size = 32767 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0xdfc
4892
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
|
For performance reasons, the remaining 893 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0x260
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Computer Name | result_out = NQDPDE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
5 |
Thread 0xb0c
116
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 165828 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Get Time | type = Ticks, time = 166937 |
|
2 | |
| System | Get Time | type = Ticks, time = 167265 |
|
1 | |
| System | Get Time | type = Ticks, time = 167421 |
|
1 | |
| System | Get Time | type = Ticks, time = 167546 |
|
1 | |
| System | Get Time | type = Ticks, time = 167796 |
|
1 | |
| System | Get Time | type = Ticks, time = 168015 |
|
2 | |
| System | Get Time | type = Ticks, time = 168359 |
|
1 | |
| System | Get Time | type = Ticks, time = 168765 |
|
1 | |
| System | Get Time | type = Ticks, time = 168906 |
|
1 | |
| System | Get Time | type = Ticks, time = 169484 |
|
2 | |
| System | Get Time | type = Ticks, time = 169812 |
|
1 | |
| System | Get Time | type = Ticks, time = 170328 |
|
1 | |
| System | Get Time | type = Ticks, time = 170484 |
|
1 | |
| System | Get Time | type = Ticks, time = 171046 |
|
2 | |
| System | Get Time | type = Ticks, time = 171203 |
|
1 | |
| System | Get Time | type = Ticks, time = 171609 |
|
1 | |
| System | Get Time | type = Ticks, time = 171812 |
|
1 | |
| System | Get Time | type = Ticks, time = 172375 |
|
2 | |
| System | Get Time | type = Ticks, time = 172484 |
|
1 | |
| System | Get Time | type = Ticks, time = 172734 |
|
1 | |
| System | Get Time | type = Ticks, time = 172843 |
|
1 | |
| System | Get Time | type = Ticks, time = 172968 |
|
1 | |
| System | Get Time | type = Ticks, time = 173078 |
|
1 | |
| System | Get Time | type = Ticks, time = 173218 |
|
1 | |
| System | Get Time | type = Ticks, time = 173343 |
|
1 | |
| System | Get Time | type = Ticks, time = 173500 |
|
2 | |
| System | Get Time | type = Ticks, time = 173687 |
|
1 | |
| System | Get Time | type = Ticks, time = 173812 |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
1 | |
| System | Get Time | type = Ticks, time = 174109 |
|
1 | |
| System | Get Time | type = Ticks, time = 174250 |
|
1 | |
| System | Get Time | type = Ticks, time = 174375 |
|
1 | |
| System | Get Time | type = Ticks, time = 174531 |
|
2 | |
| System | Get Time | type = Ticks, time = 174671 |
|
1 | |
| System | Get Time | type = Ticks, time = 174781 |
|
1 | |
| System | Get Time | type = Ticks, time = 174890 |
|
1 | |
| System | Get Time | type = Ticks, time = 175000 |
|
1 | |
| System | Get Time | type = Ticks, time = 175140 |
|
1 | |
| System | Get Time | type = Ticks, time = 175281 |
|
1 | |
| System | Get Time | type = Ticks, time = 175406 |
|
1 | |
| System | Get Time | type = Ticks, time = 175515 |
|
1 | |
| System | Get Time | type = Ticks, time = 175687 |
|
2 | |
| System | Get Time | type = Ticks, time = 175812 |
|
1 | |
| System | Get Time | type = Ticks, time = 175921 |
|
1 | |
| System | Get Time | type = Ticks, time = 176031 |
|
1 | |
| System | Get Time | type = Ticks, time = 176140 |
|
1 | |
| System | Get Time | type = Ticks, time = 176421 |
|
1 | |
| System | Get Time | type = Ticks, time = 176546 |
|
1 | |
| System | Get Time | type = Ticks, time = 176671 |
|
1 | |
| System | Get Time | type = Ticks, time = 176781 |
|
2 | |
| System | Get Time | type = Ticks, time = 177093 |
|
1 | |
| System | Get Time | type = Ticks, time = 177265 |
|
1 | |
| System | Get Time | type = Ticks, time = 177421 |
|
1 | |
| System | Get Time | type = Ticks, time = 177625 |
|
1 | |
| System | Get Time | type = Ticks, time = 178078 |
|
2 | |
| System | Get Time | type = Ticks, time = 178546 |
|
1 | |
| System | Get Time | type = Ticks, time = 178718 |
|
1 | |
| System | Get Time | type = Ticks, time = 178921 |
|
1 | |
| System | Get Time | type = Ticks, time = 179062 |
|
1 | |
| System | Get Time | type = Ticks, time = 179250 |
|
2 | |
| System | Get Time | type = Ticks, time = 179359 |
|
1 | |
| System | Get Time | type = Ticks, time = 179468 |
|
1 | |
| System | Get Time | type = Ticks, time = 179578 |
|
1 | |
| System | Get Time | type = Ticks, time = 179687 |
|
1 | |
| System | Get Time | type = Ticks, time = 179796 |
|
1 | |
| System | Get Time | type = Ticks, time = 179937 |
|
1 | |
| System | Get Time | type = Ticks, time = 180046 |
|
1 | |
| System | Get Time | type = Ticks, time = 180171 |
|
1 | |
| System | Get Time | type = Ticks, time = 180281 |
|
2 | |
| System | Get Time | type = Ticks, time = 180390 |
|
1 | |
| System | Get Time | type = Ticks, time = 180515 |
|
1 | |
| System | Get Time | type = Ticks, time = 180640 |
|
1 | |
| System | Get Time | type = Ticks, time = 180750 |
|
1 | |
| System | Get Time | type = Ticks, time = 180859 |
|
1 | |
| System | Get Time | type = Ticks, time = 180968 |
|
1 | |
| System | Get Time | type = Ticks, time = 181078 |
|
1 | |
| System | Get Time | type = Ticks, time = 181187 |
|
1 | |
| System | Get Time | type = Ticks, time = 181296 |
|
2 | |
| System | Get Time | type = Ticks, time = 181500 |
|
1 | |
| System | Get Time | type = Ticks, time = 181781 |
|
1 | |
| System | Get Time | type = Ticks, time = 182109 |
|
1 | |
| System | Get Time | type = Ticks, time = 182343 |
|
2 | |
| System | Get Time | type = Ticks, time = 182781 |
|
1 | |
| System | Get Time | type = Ticks, time = 183125 |
|
1 | |
| System | Get Time | type = Ticks, time = 183406 |
|
2 | |
| System | Get Time | type = Ticks, time = 183562 |
|
1 | |
| System | Get Time | type = Ticks, time = 183687 |
|
1 | |
| System | Get Time | type = Ticks, time = 184031 |
|
1 | |
| System | Get Time | type = Ticks, time = 184156 |
|
1 | |
| System | Get Time | type = Ticks, time = 184328 |
|
1 | |
| System | Get Time | type = Ticks, time = 184453 |
|
2 | |
| System | Get Time | type = Ticks, time = 184562 |
|
1 | |
| System | Get Time | type = Ticks, time = 184671 |
|
1 | |
| System | Get Time | type = Ticks, time = 184812 |
|
1 | |
| System | Get Time | type = Ticks, time = 184921 |
|
1 |
Thread 0xf70
116
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 165828 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Get Time | type = Ticks, time = 166937 |
|
2 | |
| System | Get Time | type = Ticks, time = 167265 |
|
1 | |
| System | Get Time | type = Ticks, time = 167421 |
|
1 | |
| System | Get Time | type = Ticks, time = 167546 |
|
1 | |
| System | Get Time | type = Ticks, time = 167796 |
|
1 | |
| System | Get Time | type = Ticks, time = 168015 |
|
2 | |
| System | Get Time | type = Ticks, time = 168359 |
|
1 | |
| System | Get Time | type = Ticks, time = 168765 |
|
1 | |
| System | Get Time | type = Ticks, time = 168906 |
|
1 | |
| System | Get Time | type = Ticks, time = 169484 |
|
2 | |
| System | Get Time | type = Ticks, time = 169812 |
|
1 | |
| System | Get Time | type = Ticks, time = 170328 |
|
1 | |
| System | Get Time | type = Ticks, time = 170484 |
|
1 | |
| System | Get Time | type = Ticks, time = 171046 |
|
2 | |
| System | Get Time | type = Ticks, time = 171203 |
|
1 | |
| System | Get Time | type = Ticks, time = 171609 |
|
1 | |
| System | Get Time | type = Ticks, time = 171812 |
|
1 | |
| System | Get Time | type = Ticks, time = 172375 |
|
2 | |
| System | Get Time | type = Ticks, time = 172484 |
|
1 | |
| System | Get Time | type = Ticks, time = 172734 |
|
1 | |
| System | Get Time | type = Ticks, time = 172843 |
|
1 | |
| System | Get Time | type = Ticks, time = 172968 |
|
1 | |
| System | Get Time | type = Ticks, time = 173078 |
|
1 | |
| System | Get Time | type = Ticks, time = 173218 |
|
1 | |
| System | Get Time | type = Ticks, time = 173343 |
|
1 | |
| System | Get Time | type = Ticks, time = 173500 |
|
2 | |
| System | Get Time | type = Ticks, time = 173687 |
|
1 | |
| System | Get Time | type = Ticks, time = 173812 |
|
1 | |
| System | Get Time | type = Ticks, time = 173953 |
|
1 | |
| System | Get Time | type = Ticks, time = 174109 |
|
1 | |
| System | Get Time | type = Ticks, time = 174250 |
|
1 | |
| System | Get Time | type = Ticks, time = 174375 |
|
1 | |
| System | Get Time | type = Ticks, time = 174531 |
|
2 | |
| System | Get Time | type = Ticks, time = 174671 |
|
1 | |
| System | Get Time | type = Ticks, time = 174781 |
|
1 | |
| System | Get Time | type = Ticks, time = 174890 |
|
1 | |
| System | Get Time | type = Ticks, time = 175000 |
|
1 | |
| System | Get Time | type = Ticks, time = 175140 |
|
1 | |
| System | Get Time | type = Ticks, time = 175281 |
|
1 | |
| System | Get Time | type = Ticks, time = 175406 |
|
1 | |
| System | Get Time | type = Ticks, time = 175515 |
|
1 | |
| System | Get Time | type = Ticks, time = 175687 |
|
2 | |
| System | Get Time | type = Ticks, time = 175812 |
|
1 | |
| System | Get Time | type = Ticks, time = 175921 |
|
1 | |
| System | Get Time | type = Ticks, time = 176031 |
|
1 | |
| System | Get Time | type = Ticks, time = 176140 |
|
1 | |
| System | Get Time | type = Ticks, time = 176421 |
|
1 | |
| System | Get Time | type = Ticks, time = 176546 |
|
1 | |
| System | Get Time | type = Ticks, time = 176671 |
|
1 | |
| System | Get Time | type = Ticks, time = 176781 |
|
2 | |
| System | Get Time | type = Ticks, time = 177093 |
|
1 | |
| System | Get Time | type = Ticks, time = 177265 |
|
1 | |
| System | Get Time | type = Ticks, time = 177421 |
|
1 | |
| System | Get Time | type = Ticks, time = 177625 |
|
1 | |
| System | Get Time | type = Ticks, time = 178078 |
|
2 | |
| System | Get Time | type = Ticks, time = 178546 |
|
1 | |
| System | Get Time | type = Ticks, time = 178718 |
|
1 | |
| System | Get Time | type = Ticks, time = 178921 |
|
1 | |
| System | Get Time | type = Ticks, time = 179062 |
|
1 | |
| System | Get Time | type = Ticks, time = 179250 |
|
2 | |
| System | Get Time | type = Ticks, time = 179359 |
|
1 | |
| System | Get Time | type = Ticks, time = 179468 |
|
1 | |
| System | Get Time | type = Ticks, time = 179578 |
|
1 | |
| System | Get Time | type = Ticks, time = 179687 |
|
1 | |
| System | Get Time | type = Ticks, time = 179796 |
|
1 | |
| System | Get Time | type = Ticks, time = 179937 |
|
1 | |
| System | Get Time | type = Ticks, time = 180046 |
|
1 | |
| System | Get Time | type = Ticks, time = 180171 |
|
1 | |
| System | Get Time | type = Ticks, time = 180281 |
|
2 | |
| System | Get Time | type = Ticks, time = 180390 |
|
1 | |
| System | Get Time | type = Ticks, time = 180515 |
|
1 | |
| System | Get Time | type = Ticks, time = 180640 |
|
1 | |
| System | Get Time | type = Ticks, time = 180750 |
|
1 | |
| System | Get Time | type = Ticks, time = 180859 |
|
1 | |
| System | Get Time | type = Ticks, time = 180968 |
|
1 | |
| System | Get Time | type = Ticks, time = 181078 |
|
1 | |
| System | Get Time | type = Ticks, time = 181187 |
|
1 | |
| System | Get Time | type = Ticks, time = 181296 |
|
2 | |
| System | Get Time | type = Ticks, time = 181500 |
|
1 | |
| System | Get Time | type = Ticks, time = 181781 |
|
1 | |
| System | Get Time | type = Ticks, time = 182109 |
|
1 | |
| System | Get Time | type = Ticks, time = 182343 |
|
2 | |
| System | Get Time | type = Ticks, time = 182781 |
|
1 | |
| System | Get Time | type = Ticks, time = 183125 |
|
1 | |
| System | Get Time | type = Ticks, time = 183406 |
|
2 | |
| System | Get Time | type = Ticks, time = 183562 |
|
1 | |
| System | Get Time | type = Ticks, time = 183687 |
|
1 | |
| System | Get Time | type = Ticks, time = 184031 |
|
1 | |
| System | Get Time | type = Ticks, time = 184156 |
|
1 | |
| System | Get Time | type = Ticks, time = 184343 |
|
1 | |
| System | Get Time | type = Ticks, time = 184453 |
|
2 | |
| System | Get Time | type = Ticks, time = 184562 |
|
1 | |
| System | Get Time | type = Ticks, time = 184671 |
|
1 | |
| System | Get Time | type = Ticks, time = 184812 |
|
1 | |
| System | Get Time | type = Ticks, time = 184921 |
|
1 |
Thread 0x39c
890
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
4 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, type = size, size_out = 144072 |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll, size = 1048560, size_out = 144072 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 144080 |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\$GetCurrent\SafeOS\GetCurrentOOBE.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\SetupResources.dll, type = size, size_out = 17240 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1025\SetupResources.dll, size = 1048560, size_out = 17240 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1025\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 17248 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1025\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1025\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1025\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\SetupResources.dll, type = size, size_out = 19288 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1032\SetupResources.dll, size = 1048560, size_out = 19288 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml, size = 19296 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1032\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1032\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\SetupResources.dll, type = size, size_out = 18264 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1035\SetupResources.dll, size = 1048560, size_out = 18264 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1035\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18272 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1035\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1035\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\SetupResources.dll, type = size, size_out = 18264 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1040\SetupResources.dll, size = 1048560, size_out = 18264 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1044\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18272 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1040\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1044\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1040\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\SetupResources.dll, type = size, size_out = 18264 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1045\SetupResources.dll, size = 1048560, size_out = 18264 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18272 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1045\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1045\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\SetupResources.dll, type = size, size_out = 18264 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1046\SetupResources.dll, size = 1048560, size_out = 18264 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18272 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1046\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1046\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\SetupResources.dll, type = size, size_out = 18776 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2070\SetupResources.dll, size = 1048560, size_out = 18776 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2070\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18784 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2070\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2070\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\2070\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico, type = size, size_out = 894 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico, size = 1048560, size_out = 894 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 896 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Rotate2.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico, type = size, size_out = 894 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico, size = 1048560, size_out = 894 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 896 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Rotate8.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico, type = size, size_out = 1150 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico, size = 1048560, size_out = 1150 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 1152 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 238 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\SysReqMet.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Core.mzz, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core.mzz, type = size, size_out = 181483595 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core.mzz, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\588bce7c90097ed212\netfx_Core.mzz, destination_filename = C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[basecrypt@aol.com].BSC, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[basecrypt@aol.com].BSC, size = 786696 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Core.mzz.id-B4197730.[basecrypt@aol.com].BSC, size = 262144 |
|
3 | |
| File | Create | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi, type = size, size_out = 184832 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi, size = 1048560, size_out = 184832 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 184848 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 244 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\RGB9RAST_x64.msi |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi, type = size, size_out = 94720 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi, size = 1048560, size_out = 94720 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 94736 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 244 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\RGB9Rast_x86.msi |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Setup.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Setup.exe, type = size, size_out = 78152 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Setup.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Setup.exe.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Setup.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Setup.exe.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Setup.exe, size = 1048560, size_out = 78152 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Setup.exe.id-B4197730.[basecrypt@aol.com].BSC, size = 78160 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Setup.exe, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Setup.exe.id-B4197730.[basecrypt@aol.com].BSC, size = 230 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Setup.exe |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupEngine.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupEngine.dll, type = size, size_out = 807256 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupEngine.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupEngine.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupEngine.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupEngine.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SetupEngine.dll, size = 1048560, size_out = 807256 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SetupEngine.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 807264 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SetupEngine.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SetupEngine.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 242 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\SetupEngine.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu, type = size, size_out = 2192672 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu, destination_filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 786734 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 262144 |
|
3 | |
| File | Create | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu, type = size, size_out = 2141433 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu, destination_filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 786734 |
|
1 |
Thread 0xd30
891
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
4 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini, type = size, size_out = 577 |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd, size = 1048560, size_out = 577 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, size = 592 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1031\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, size = 260 |
|
1 | |
| File | Delete | filename = C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\SetupResources.dll, type = size, size_out = 17240 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1033\SetupResources.dll, size = 1048560, size_out = 17240 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 17248 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1033\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1033\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\SetupResources.dll, type = size, size_out = 16728 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1037\SetupResources.dll, size = 1048560, size_out = 16728 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1041\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 16736 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1037\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1041\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1037\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\SetupResources.dll, type = size, size_out = 15192 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1042\SetupResources.dll, size = 1048560, size_out = 15192 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1042\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 15200 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1042\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1042\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1042\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\SetupResources.dll, type = size, size_out = 19288 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1043\SetupResources.dll, size = 1048560, size_out = 19288 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 19296 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1043\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1043\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\SetupResources.dll, type = size, size_out = 18264 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1049\SetupResources.dll, size = 1048560, size_out = 18264 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1055\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18272 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1049\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1055\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1049\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\SetupResources.dll, type = size, size_out = 14168 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2052\SetupResources.dll, size = 1048560, size_out = 14168 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2052\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 14176 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2052\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2052\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\2052\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\SetupResources.dll, type = size, size_out = 14168 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3076\SetupResources.dll, size = 1048560, size_out = 14168 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 14176 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3076\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\3076\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico, type = size, size_out = 894 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico, size = 1048560, size_out = 894 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 896 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Rotate1.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico, type = size, size_out = 894 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico, size = 1048560, size_out = 894 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 896 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Rotate5.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Setup.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Setup.ico, type = size, size_out = 36710 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Setup.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Setup.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Setup.ico, size = 1048560, size_out = 36710 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 36720 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Setup.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 230 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Setup.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico, type = size, size_out = 1150 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico, size = 1048560, size_out = 1150 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 1152 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 244 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\warn.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\warn.ico, type = size, size_out = 10134 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\warn.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\warn.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\warn.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\warn.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\warn.ico, size = 1048560, size_out = 10134 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 10144 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Core_x64.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\warn.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, type = size, size_out = 1163264 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, size = 1048560, size_out = 114704 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 114720 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi, type = size, size_out = 872448 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi, size = 1048560, size_out = 872448 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 872464 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 256 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\netfx_Extended_x64.msi |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi, type = size, size_out = 495616 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi, size = 1048560, size_out = 495616 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 495632 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 256 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\netfx_Extended_x86.msi |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUi.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUi.dll, type = size, size_out = 295248 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUi.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUi.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUi.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUi.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SetupUi.dll, size = 1048560, size_out = 295248 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SetupUi.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 295264 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SetupUi.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SetupUi.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\SetupUi.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu, type = size, size_out = 5198099 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu, destination_filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 786734 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 262144 |
|
3 |
Thread 0x7bc
789
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
4 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\preoobe.cmd, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd, type = size, size_out = 74 |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\preoobe.cmd, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\preoobe.cmd.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\preoobe.cmd, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\preoobe.cmd.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\preoobe.cmd, size = 1048560, size_out = 74 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\preoobe.cmd.id-B4197730.[basecrypt@aol.com].BSC, size = 80 |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\preoobe.cmd, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\preoobe.cmd.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\$GetCurrent\SafeOS\preoobe.cmd |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\SetupResources.dll, type = size, size_out = 14168 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1028\SetupResources.dll, size = 1048560, size_out = 14168 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1028\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 14176 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1030\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1028\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1028\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1031\SetupResources.dll, type = size, size_out = 18776 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1031\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1031\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1031\SetupResources.dll, size = 1048560, size_out = 18776 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1033\SetupResources.dll, size = 18784 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1037\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1033\SetupResources.dll, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1031\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\SetupResources.dll, type = size, size_out = 18776 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1038\SetupResources.dll, size = 1048560, size_out = 18776 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18784 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1038\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1038\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1038\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\SetupResources.dll, type = size, size_out = 15704 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1041\SetupResources.dll, size = 1048560, size_out = 15704 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 15712 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1041\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1041\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\SetupResources.dll, type = size, size_out = 17752 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1044\SetupResources.dll, size = 1048560, size_out = 17752 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 17760 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1044\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1044\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\SetupResources.dll, type = size, size_out = 17752 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1055\SetupResources.dll, size = 1048560, size_out = 17752 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3076\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 17760 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1055\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3076\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1055\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\DisplayIcon.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\DisplayIcon.ico, type = size, size_out = 88533 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\DisplayIcon.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\DisplayIcon.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\DisplayIcon.ico, size = 1048560, size_out = 88533 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 88544 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\DisplayIcon.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\DisplayIcon.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 242 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\DisplayIcon.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Print.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Print.ico, type = size, size_out = 1150 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Print.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Print.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Print.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Print.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Print.ico, size = 1048560, size_out = 1150 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Print.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 1152 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Print.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Print.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 230 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Print.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico, type = size, size_out = 894 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico, size = 1048560, size_out = 894 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 896 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Rotate4.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico, type = size, size_out = 894 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico, size = 1048560, size_out = 894 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 896 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Rotate6.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\stop.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\stop.ico, type = size, size_out = 10134 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\stop.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\stop.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\stop.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\stop.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\stop.ico, size = 1048560, size_out = 10134 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\stop.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 10144 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\stop.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\stop.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Core_x64.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core_x64.msi, type = size, size_out = 1901056 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core_x64.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Core_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\588bce7c90097ed212\netfx_Core_x64.msi, destination_filename = C:\588bce7c90097ed212\netfx_Core_x64.msi.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Core_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Core_x64.msi.id-B4197730.[basecrypt@aol.com].BSC, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi, size = 786704 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi, size = 262144 |
|
3 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUtility.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUtility.exe, type = size, size_out = 96088 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUtility.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUtility.exe.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUtility.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUtility.exe.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SetupUtility.exe, size = 1048560, size_out = 96088 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SetupUtility.exe.id-B4197730.[basecrypt@aol.com].BSC, size = 96096 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SetupUtility.exe, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SetupUtility.exe.id-B4197730.[basecrypt@aol.com].BSC, size = 244 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\SetupUtility.exe |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\sqmapi.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\sqmapi.dll, type = size, size_out = 144416 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\sqmapi.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\sqmapi.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\sqmapi.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\sqmapi.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\sqmapi.dll, size = 1048560, size_out = 144416 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml, size = 144432 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\sqmapi.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml, size = 232 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\sqmapi.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu, type = size, size_out = 5091790 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu, destination_filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 786734 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu.id-B4197730.[basecrypt@aol.com].BSC, size = 262144 |
|
3 |
Thread 0xcc8
519
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
4 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd, type = size, size_out = 307 |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd, size = 1048560, size_out = 307 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, size = 320 |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\$GetCurrent\SafeOS\SetupComplete.cmd |
|
1 | |
| File | Create | filename = C:\$WINRE_BACKUP_PARTITION.MARKER, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$WINRE_BACKUP_PARTITION.MARKER, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\SetupResources.dll, type = size, size_out = 18264 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1029\SetupResources.dll, size = 1048560, size_out = 18264 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1029\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18272 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1029\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1029\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1029\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\SetupResources.dll, type = size, size_out = 18264 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1030\SetupResources.dll, size = 1048560, size_out = 18264 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1030\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18272 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1030\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1030\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1030\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\SetupResources.dll, type = size, size_out = 18776 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1036\SetupResources.dll, size = 1048560, size_out = 18776 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1049\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18784 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1036\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1049\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1036\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\SetupResources.dll, type = size, size_out = 17752 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1053\SetupResources.dll, size = 1048560, size_out = 17752 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\eula.rtf, size = 17760 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1053\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\eula.rtf, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1053\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\SetupResources.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\SetupResources.dll, type = size, size_out = 18776 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\SetupResources.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\SetupResources.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3082\SetupResources.dll, size = 1048560, size_out = 18776 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3082\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 18784 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3082\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3082\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 248 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\3082\SetupResources.dll |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico, type = size, size_out = 894 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico, size = 1048560, size_out = 894 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 896 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Rotate3.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico, type = size, size_out = 894 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico, size = 1048560, size_out = 894 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 896 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Rotate7.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Save.ico, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Save.ico, type = size, size_out = 1150 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Save.ico, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Graphics\Save.ico.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Save.ico, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Graphics\Save.ico.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Save.ico, size = 1048560, size_out = 1150 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2070\eula.rtf, size = 1152 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Save.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2070\eula.rtf, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Graphics\Save.ico |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Extended.mzz, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended.mzz, type = size, size_out = 43131591 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended.mzz, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\netfx_Extended.mzz.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\588bce7c90097ed212\netfx_Extended.mzz, destination_filename = C:\588bce7c90097ed212\netfx_Extended.mzz.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\netfx_Extended.mzz.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\netfx_Extended.mzz.id-B4197730.[basecrypt@aol.com].BSC, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Extended.mzz.id-B4197730.[basecrypt@aol.com].BSC, size = 786704 |
|
1 |
Thread 0xce0
249
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xf3c
1539
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
3 | |
| File | Create | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[basecrypt@aol.com].BSC, type = size, size_out = 6004 |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log, size = 1048560, size_out = 6004 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[basecrypt@aol.com].BSC, size = 6016 |
|
1 | |
| File | Read | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log.id-B4197730.[basecrypt@aol.com].BSC, size = 276 |
|
1 | |
| File | Delete | filename = C:\$GetCurrent\Logs\oobe_2017_09_07_03_08_57_737.log |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\eula.rtf, type = size, size_out = 7567 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1025\eula.rtf, size = 1048560, size_out = 7567 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1025\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 7568 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1025\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1025\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1025\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\eula.rtf, type = size, size_out = 3726 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1029\eula.rtf, size = 1048560, size_out = 3726 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1029\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3728 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1025\SetupResources.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1029\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1029\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml, type = size, size_out = 77748 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml, size = 1048560, size_out = 77748 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 77760 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1030\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, type = size, size_out = 3419 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1031\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1031\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1031\eula.rtf, size = 1048560, size_out = 3419 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1031\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3424 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1031\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1031\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1031\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\eula.rtf, type = size, size_out = 3702 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1035\eula.rtf, size = 1048560, size_out = 3702 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1035\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3712 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1035\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1035\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1035\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml, type = size, size_out = 77022 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml, size = 1048560, size_out = 77022 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 77024 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1035\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\eula.rtf, type = size, size_out = 3526 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1036\eula.rtf, size = 1048560, size_out = 3526 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1036\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3536 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1036\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1036\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1036\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml, type = size, size_out = 86442 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml, size = 1048560, size_out = 86442 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 86448 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1038\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\eula.rtf, type = size, size_out = 10125 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1041\eula.rtf, size = 1048560, size_out = 10125 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1041\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 10128 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1041\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1041\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1041\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml, type = size, size_out = 65238 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml, size = 1048560, size_out = 65238 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 65248 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1042\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml, type = size, size_out = 79634 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml, size = 1048560, size_out = 79634 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 79648 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1043\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml, type = size, size_out = 79296 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml, size = 1048560, size_out = 79296 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 79312 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1044\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml, type = size, size_out = 80738 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml, size = 1048560, size_out = 80738 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 80752 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1046\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\eula.rtf, type = size, size_out = 3859 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1055\eula.rtf, size = 1048560, size_out = 3859 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1055\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3872 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1055\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1055\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1055\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\eula.rtf, type = size, size_out = 4015 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2070\eula.rtf, size = 1048560, size_out = 4015 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2070\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 4016 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2070\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2070\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\2070\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml, type = size, size_out = 79996 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml, size = 1048560, size_out = 79996 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 80000 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\3082\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\DHtmlHeader.html, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\DHtmlHeader.html, type = size, size_out = 16118 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\DHtmlHeader.html, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\DHtmlHeader.html.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\DHtmlHeader.html, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\DHtmlHeader.html.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\DHtmlHeader.html, size = 1048560, size_out = 16118 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\DHtmlHeader.html.id-B4197730.[basecrypt@aol.com].BSC, size = 16128 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\DHtmlHeader.html, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\DHtmlHeader.html.id-B4197730.[basecrypt@aol.com].BSC, size = 244 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\DHtmlHeader.html |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\header.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\header.bmp, type = size, size_out = 3628 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\header.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\header.bmp.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\header.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\header.bmp.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\header.bmp, size = 1048560, size_out = 3628 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\header.bmp.id-B4197730.[basecrypt@aol.com].BSC, size = 3632 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\header.bmp, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\header.bmp.id-B4197730.[basecrypt@aol.com].BSC, size = 232 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\header.bmp |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Strings.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Strings.xml, type = size, size_out = 14084 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Strings.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Strings.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Strings.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Strings.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Strings.xml, size = 1048560, size_out = 14084 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Strings.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 14096 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Strings.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Strings.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Strings.xml |
|
1 | |
| File | Create | filename = C:\Boot\updaterevokesipolicy.p7b, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\updaterevokesipolicy.p7b, type = size, size_out = 4662 |
|
1 | |
| File | Get Info | filename = C:\Boot\updaterevokesipolicy.p7b, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\updaterevokesipolicy.p7b.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\updaterevokesipolicy.p7b, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml, type = size, size_out = 4782 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml, size = 1048560, size_out = 4782 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 4784 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\microsoft shared\ink\Content.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 260 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml, type = size, size_out = 111320 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml, type = size, size_out = 3524 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml, type = size, size_out = 738 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml, type = size, size_out = 11067 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml, type = size, size_out = 44506 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, type = size, size_out = 737 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml, type = size, size_out = 215 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, type = size, size_out = 213 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml, type = size, size_out = 219 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml, type = size, size_out = 694 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 |
Thread 0xf34
1477
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
3 | |
| File | Create | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log, type = size, size_out = 42674 |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log, size = 1048560, size_out = 42674 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[basecrypt@aol.com].BSC, size = 42688 |
|
1 | |
| File | Read | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log.id-B4197730.[basecrypt@aol.com].BSC, size = 286 |
|
1 | |
| File | Delete | filename = C:\$GetCurrent\Logs\downlevel_2017_09_07_02_02_39_766.log |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini, type = size, size_out = 129 |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini, size = 1048560, size_out = 129 |
|
1 | |
| File | Write | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC, size = 144 |
|
1 | |
| File | Read | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\$Recycle.Bin\S-1-5-18\desktop.ini |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini, type = size, size_out = 129 |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini, size = 1048560, size_out = 129 |
|
1 | |
| File | Write | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC, size = 144 |
|
1 | |
| File | Read | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\$Recycle.Bin\S-1-5-21-1051304884-625712362-2192934891-1000\desktop.ini |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\eula.rtf, type = size, size_out = 6309 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1028\eula.rtf, size = 1048560, size_out = 6309 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1028\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 6320 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1028\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1028\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1028\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\LocalizedData.xml, type = size, size_out = 60816 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1028\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1028\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1028\LocalizedData.xml, size = 1048560, size_out = 60816 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1032\eula.rtf, size = 60832 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1033\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1032\eula.rtf, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1028\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml, type = size, size_out = 86284 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml, size = 1048560, size_out = 86284 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 86288 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\eula.rtf, type = size, size_out = 6851 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1037\eula.rtf, size = 1048560, size_out = 6851 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1037\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 6864 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1045\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1037\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1037\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml, type = size, size_out = 72076 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml, size = 1048560, size_out = 72076 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 72080 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1046\SetupResources.dll.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1037\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml, type = size, size_out = 80060 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml, size = 1048560, size_out = 80060 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 80064 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1040\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\eula.rtf, type = size, size_out = 4040 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1045\eula.rtf, size = 1048560, size_out = 4040 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1045\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 4048 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1045\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1045\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1045\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\eula.rtf, type = size, size_out = 54456 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1049\eula.rtf, size = 1048560, size_out = 54456 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1049\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 54464 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1049\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1049\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1049\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\eula.rtf, type = size, size_out = 3865 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1053\eula.rtf, size = 1048560, size_out = 3865 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1053\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3872 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1053\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1053\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1053\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml, type = size, size_out = 76818 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml, size = 1048560, size_out = 76818 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 76832 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1055\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\eula.rtf, type = size, size_out = 6309 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3076\eula.rtf, size = 1048560, size_out = 6309 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3076\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 6320 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3076\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3076\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\3076\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\eula.rtf, type = size, size_out = 3069 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3082\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3082\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3082\eula.rtf, size = 1048560, size_out = 3069 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3082\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3072 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3082\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3082\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\3082\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml, type = size, size_out = 93314 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml, size = 1048560, size_out = 93314 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, size = 93328 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\netfx_Core_x86.msi, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Extended\Parameterinfo.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\ParameterInfo.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\ParameterInfo.xml, type = size, size_out = 272046 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\ParameterInfo.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\ParameterInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\ParameterInfo.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\ParameterInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\ParameterInfo.xml, size = 1048560, size_out = 272046 |
|
1 | |
| File | Write | filename = C:\Boot\updaterevokesipolicy.p7b, size = 272048 |
|
1 | |
| File | Read | filename = C:\BOOTSECT.BAK.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Boot\updaterevokesipolicy.p7b, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\ParameterInfo.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml, type = size, size_out = 4450 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml, size = 1048560, size_out = 4450 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 4464 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 264 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi, type = size, size_out = 48936 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi, type = size, size_out = 180172 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi, type = size, size_out = 208408 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi, type = size, size_out = 199994 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\join.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi, type = size, size_out = 181964 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml, type = size, size_out = 1600388 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi, destination_filename = C:\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml, type = size, size_out = 3529 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml, type = size, size_out = 804 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml, type = size, size_out = 488 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml, type = size, size_out = 617 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml, type = size, size_out = 16616 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml, type = size, size_out = 15097 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml, type = size, size_out = 9803 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat, destination_filename = C:\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat.id-B4197730.[basecrypt@aol.com].BSC |
|
1 |
Thread 0xcd8
1487
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
4 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml, type = size, size_out = 156 |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini, size = 1048560, size_out = 156 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id-B4197730.[basecrypt@aol.com].BSC, size = 160 |
|
1 | |
| File | Read | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini.id-B4197730.[basecrypt@aol.com].BSC, size = 256 |
|
1 | |
| File | Delete | filename = C:\$GetCurrent\SafeOS\GetCurrentRollback.ini |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\eula.rtf, type = size, size_out = 3314 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1030\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1030\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1030\eula.rtf, size = 1048560, size_out = 3314 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1030\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3328 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1030\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1030\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1030\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml, type = size, size_out = 82346 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml, size = 1048560, size_out = 82346 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 82352 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1031\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml, type = size, size_out = 68226 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml, size = 1048560, size_out = 68226 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 68240 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1041\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\eula.rtf, type = size, size_out = 12687 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1042\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1042\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1042\eula.rtf, size = 1048560, size_out = 12687 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1042\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 12688 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1042\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1042\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1042\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\eula.rtf, type = size, size_out = 3546 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1043\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1043\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1043\eula.rtf, size = 1048560, size_out = 3546 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3552 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1043\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1043\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1043\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\eula.rtf, type = size, size_out = 3046 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1044\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1044\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1044\eula.rtf, size = 1048560, size_out = 3046 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1044\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3056 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1044\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1044\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1044\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\eula.rtf, type = size, size_out = 3683 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1046\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1046\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1046\eula.rtf, size = 1048560, size_out = 3683 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1046\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3696 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1046\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1046\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1046\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml, type = size, size_out = 77680 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml, size = 1048560, size_out = 77680 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 77696 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1053\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\LocalizedData.xml, type = size, size_out = 60684 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2052\LocalizedData.xml, size = 1048560, size_out = 60684 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3076\eula.rtf, size = 60688 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Setup.ico.id-B4197730.[basecrypt@aol.com].BSC, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3076\eula.rtf, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\2052\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml, type = size, size_out = 60816 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml, size = 1048560, size_out = 60816 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 60832 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\3076\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Client\UiInfo.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Client\UiInfo.xml, type = size, size_out = 39042 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Client\UiInfo.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Client\UiInfo.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Client\UiInfo.xml, size = 1048560, size_out = 39042 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 39056 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Client\UiInfo.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Client\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 232 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Client\UiInfo.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUi.xsd, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUi.xsd, type = size, size_out = 30120 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUi.xsd, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SetupUi.xsd.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUi.xsd, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SetupUi.xsd.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SetupUi.xsd, size = 1048560, size_out = 30120 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SetupUi.xsd.id-B4197730.[basecrypt@aol.com].BSC, size = 30128 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SetupUi.xsd, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SetupUi.xsd.id-B4197730.[basecrypt@aol.com].BSC, size = 234 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\SetupUi.xsd |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\watermark.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\watermark.bmp, type = size, size_out = 104072 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\watermark.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\watermark.bmp.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\watermark.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\watermark.bmp.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\watermark.bmp, size = 1048560, size_out = 104072 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\watermark.bmp.id-B4197730.[basecrypt@aol.com].BSC, size = 104080 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\watermark.bmp, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\watermark.bmp.id-B4197730.[basecrypt@aol.com].BSC, size = 238 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\watermark.bmp |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = size, size_out = 8192 |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 1048560, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK.id-B4197730.[basecrypt@aol.com].BSC, size = 8208 |
|
1 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK.id-B4197730.[basecrypt@aol.com].BSC, size = 236 |
|
1 | |
| File | Delete | filename = C:\BOOTSECT.BAK |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml, type = size, size_out = 4136 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml, size = 1048560, size_out = 4136 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 4144 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 256 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\Content.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\Content.xml, type = size, size_out = 27045 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\Content.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\Content.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\Content.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi, type = size, size_out = 84190 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml, type = size, size_out = 212 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml, type = size, size_out = 903 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml, type = size, size_out = 903 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml, type = size, size_out = 693 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml, type = size, size_out = 3333 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml, type = size, size_out = 247 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml, type = size, size_out = 471 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml, type = size, size_out = 1069 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml, type = size, size_out = 1853 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml, type = size, size_out = 924 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml, type = size, size_out = 215 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml, type = size, size_out = 591 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml, type = size, size_out = 2626 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 |
Thread 0xd78
1453
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x75e90000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x75ea6b30 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
3 | |
| File | Create | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log, type = size, size_out = 40 |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log, size = 1048560, size_out = 40 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id-B4197730.[basecrypt@aol.com].BSC, size = 48 |
|
1 | |
| File | Read | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log.id-B4197730.[basecrypt@aol.com].BSC, size = 272 |
|
1 | |
| File | Delete | filename = C:\$GetCurrent\Logs\PartnerSetupCompleteResult.log |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml, type = size, size_out = 74214 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml, size = 1048560, size_out = 74214 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 74224 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1025\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml, type = size, size_out = 80970 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml, size = 1048560, size_out = 80970 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 80976 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1029\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\LocalizedData.xml, type = size, size_out = 8876 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1032\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1032\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1032\eula.rtf, size = 1048560, size_out = 8876 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1032\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 8880 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1032\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1032\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1032\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\eula.rtf, type = size, size_out = 3188 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1033\eula.rtf, size = 1048560, size_out = 3188 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1033\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3200 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1033\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1033\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1033\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml, type = size, size_out = 77232 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml, size = 1048560, size_out = 77232 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 77248 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1033\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml, type = size, size_out = 82962 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml, size = 1048560, size_out = 82962 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 82976 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1036\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\eula.rtf, type = size, size_out = 4254 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1038\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1038\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1038\eula.rtf, size = 1048560, size_out = 4254 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1038\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 4256 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1038\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1038\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1038\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\eula.rtf, type = size, size_out = 3643 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1040\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1040\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1040\eula.rtf, size = 1048560, size_out = 3643 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1040\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 3648 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1040\eula.rtf, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1040\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1040\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml, type = size, size_out = 82374 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml, size = 1048560, size_out = 82374 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 82384 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1045\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml, type = size, size_out = 81482 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml, size = 1048560, size_out = 81482 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 81488 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\1049\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\eula.rtf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\eula.rtf, type = size, size_out = 5827 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\eula.rtf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2052\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\eula.rtf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2052\eula.rtf.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2052\eula.rtf, size = 1048560, size_out = 5827 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\stop.ico, size = 5840 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Graphics\Setup.ico, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Graphics\stop.ico, size = 228 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\2052\eula.rtf |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml, type = size, size_out = 80254 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml, size = 1048560, size_out = 80254 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 80256 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\2070\LocalizedData.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml, type = size, size_out = 201796 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml, size = 1048560, size_out = 201796 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 201808 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 246 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Client\Parameterinfo.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml, type = size, size_out = 39050 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml, size = 1048560, size_out = 39050 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 39056 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 232 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\Extended\UiInfo.xml |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SplashScreen.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SplashScreen.bmp, type = size, size_out = 41080 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SplashScreen.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\SplashScreen.bmp.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SplashScreen.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\SplashScreen.bmp.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SplashScreen.bmp, size = 1048560, size_out = 41080 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SplashScreen.bmp.id-B4197730.[basecrypt@aol.com].BSC, size = 41088 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\SplashScreen.bmp, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\SplashScreen.bmp.id-B4197730.[basecrypt@aol.com].BSC, size = 244 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\SplashScreen.bmp |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\UiInfo.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\UiInfo.xml, type = size, size_out = 38898 |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\UiInfo.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\588bce7c90097ed212\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\UiInfo.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\588bce7c90097ed212\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\UiInfo.xml, size = 1048560, size_out = 38898 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 38912 |
|
1 | |
| File | Read | filename = C:\588bce7c90097ed212\UiInfo.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\588bce7c90097ed212\UiInfo.xml.id-B4197730.[basecrypt@aol.com].BSC, size = 232 |
|
1 | |
| File | Delete | filename = C:\588bce7c90097ed212\UiInfo.xml |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\updaterevokesipolicy.p7b, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT.id-B4197730.[basecrypt@aol.com].BSC, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 1048560, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT.id-B4197730.[basecrypt@aol.com].BSC, size = 65552 |
|
1 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT.id-B4197730.[basecrypt@aol.com].BSC, size = 236 |
|
1 | |
| File | Delete | filename = C:\Boot\BOOTSTAT.DAT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\Content.xml, type = size, size_out = 791421 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\split.avi, type = size, size_out = 46622 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml, type = size, size_out = 1434 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml, type = size, size_out = 215 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml, type = size, size_out = 384 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml, type = size, size_out = 392 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml, type = size, size_out = 10947 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml, type = size, size_out = 221 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat, type = size, size_out = 3380096 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat, destination_filename = C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.id-B4197730.[basecrypt@aol.com].BSC |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml, type = size, size_out = 2436 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml, type = size, size_out = 2618 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.id-B4197730.[basecrypt@aol.com].BSC, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 |
Thread 0xf50
747
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Process #2: cmd.exe
284
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:33, Reason: Child Process |
| Unmonitor | End Time: 00:01:59, Reason: Self Terminated |
| Monitor Duration | 00:00:26 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9fc |
| Parent PID | 0x408 (c:\users\fd1hvy\desktop\reaitek.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A78
0x
E38
|
Threads
Thread 0xa78
284
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x7ff6e2070000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x7ff92fdea990 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 4, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\WINDOWS\system32\cmd.exe, size = 32743 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\FD1HVy\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 38 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 52 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x7ff92fdd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x7ff92fdee830 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x7ff92fdee300 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x7ff92f1b0a40 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Process | Create | process_name = C:\WINDOWS\system32\mode.com, os_pid = 0x49c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x7ff931f40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x7ff931fe56b0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\WINDOWS\system32\mode.com, address = 600707293184, size = 1952 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Process | Create | process_name = C:\WINDOWS\system32\vssadmin.exe, os_pid = 0xcb8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\WINDOWS\system32\vssadmin.exe, address = 844142108672, size = 1952 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 40010004 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 |
Process #4: mode.com
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\mode.com |
| Command Line | mode con cp select=1251 |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:44, Reason: Child Process |
| Unmonitor | End Time: 00:01:52, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x49c |
| Parent PID | 0x9fc (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4B0
0x
D98
0x
4E4
|
Process #5: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:58, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcb8 |
| Parent PID | 0x9fc (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
3A8
0x
B10
|
