5280edad1dcecca9b0542556a775961bc620c31a06f2fe6383792a6f300ed81e (SHA256)
winhost.exe
Windows Exe (x86-32)
Created at 2019-01-19 11:52:00
Notifications (2/5)
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The operating system was rebooted during the analysis.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: winhost.exe
212
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:18, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:23, Reason: Self Terminated |
| Monitor Duration | 00:03:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x960 |
| Parent PID | 0x460 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
964
0x
978
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | rw |
|
|
|
- |
| imm32.dll | 0x00220000 | 0x0023dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x0025dfff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000260000 | 0x00260000 | 0x0026dfff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x00290fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x00260fff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000000270000 | 0x00270000 | 0x00276fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000280000 | 0x00280000 | 0x00281fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x00295fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x002bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x002b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x0034ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x003befff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x00371fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000380000 | 0x00380000 | 0x00381fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000380000 | 0x00380000 | 0x00390fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x0039ffff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x003a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | rwx |
|
|
|
- |
| winhost.exe | 0x00400000 | 0x008fbfff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000980000 | 0x00980000 | 0x00981fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009f0000 | 0x009f0000 | 0x009f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000a00000 | 0x00a00000 | 0x00a00fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000a10000 | 0x00a10000 | 0x00a10fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000a20000 | 0x00a20000 | 0x00a20fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000a30000 | 0x00a30000 | 0x00b2ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000b30000 | 0x00b30000 | 0x00cb7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000cc0000 | 0x00cc0000 | 0x00e40fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000e50000 | 0x00e50000 | 0x0224ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002250000 | 0x02250000 | 0x0265ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02250000 | 0x0251efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x0268ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002560000 | 0x02560000 | 0x02560fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002570000 | 0x02570000 | 0x02570fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002580000 | 0x02580000 | 0x02580fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002590000 | 0x02590000 | 0x02590fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000002660000 | 0x02660000 | 0x02a6ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002660000 | 0x02660000 | 0x02660fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002670000 | 0x02670000 | 0x02671fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002680000 | 0x02680000 | 0x0268ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002690000 | 0x02690000 | 0x02880fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002690000 | 0x02690000 | 0x02690fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026a0000 | 0x026a0000 | 0x026a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026b0000 | 0x026b0000 | 0x026b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026c0000 | 0x026c0000 | 0x026c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026d0000 | 0x026d0000 | 0x027cffff | Private Memory | - |
|
|
|
- |
| private_0x00000000027d0000 | 0x027d0000 | 0x0286ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000027d0000 | 0x027d0000 | 0x0280ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002830000 | 0x02830000 | 0x0286ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002870000 | 0x02870000 | 0x0294efff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002890000 | 0x02890000 | 0x02a80fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002950000 | 0x02950000 | 0x02b7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002950000 | 0x02950000 | 0x02a4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b40000 | 0x02b40000 | 0x02b7ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x02b80000 | 0x034affff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000034b0000 | 0x034b0000 | 0x038a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000038b0000 | 0x038b0000 | 0x0b8b0fff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x75250000 | 0x752d3fff | Memory Mapped File | rwx |
|
|
|
- |
| winmm.dll | 0x752e0000 | 0x75311fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x75320000 | 0x75332fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x75340000 | 0x753bffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x753d0000 | 0x753d7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x753e0000 | 0x7543bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75440000 | 0x7547efff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x75480000 | 0x75488fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75590000 | 0x7559bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x755a0000 | 0x755fffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75660000 | 0x7570bfff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75710000 | 0x75719fff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x759e0000 | 0x75a5afff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x75a60000 | 0x75a78fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75a80000 | 0x75b0ffff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x75b10000 | 0x75bfffff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75cc0000 | 0x76909fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x76b30000 | 0x76bfbfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x76c00000 | 0x76c5ffff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x76e30000 | 0x76f8bfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76f90000 | 0x7702ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x771d0000 | 0x772cffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x77350000 | 0x773a6fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x773b0000 | 0x774bffff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x774c0000 | 0x7754efff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x77550000 | 0x775ecfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x775f0000 | 0x77635fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077640000 | 0x77640000 | 0x77739fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077740000 | 0x77740000 | 0x7785efff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77860000 | 0x77a08fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77a40000 | 0x77bbffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 9 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \\.\SICE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\.\SIWVID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\.\NTICE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\system32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_SYSTEM, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Read | C:\Windows\system32\ntdll.dll | size = 32, size_out = 32 |
|
1 |
Registry (8)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Wine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Hardware\description\System | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 | value_name = DriverDesc, data = 83 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Hardware\description\System | value_name = SystemBiosVersion, data = 80 |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Hardware\description\System | value_name = VideoBiosVersion, data = 80 |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe" | os_pid = 0x67c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 |
Thread (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Context | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | os_tid = 0x964 |
|
1 | |
| Set Context | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | os_tid = 0x964 |
|
1 | |
| Resume | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | os_tid = 0x964 |
|
1 |
Module (150)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | USER32.dll | base_address = 0x771d0000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x76f90000 |
|
1 | |
| Load | NTDLL.dll | base_address = 0x77a40000 |
|
1 | |
| Load | winmm.dll | base_address = 0x752e0000 |
|
2 | |
| Load | NTDLL | base_address = 0x77a40000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x773b0000 |
|
4 | |
| Load | user32.dll | base_address = 0x771d0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x76f90000 |
|
2 | |
| Load | oleaut32.dll | base_address = 0x774c0000 |
|
2 | |
| Load | version.dll | base_address = 0x75480000 |
|
1 | |
| Load | gdi32.dll | base_address = 0x75a80000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x75250000 |
|
1 | |
| Load | comdlg32.dll | base_address = 0x759e0000 |
|
1 | |
| Load | shell32 | base_address = 0x75cc0000 |
|
1 | |
| Load | user32 | base_address = 0x771d0000 |
|
1 | |
| Load | advapi32 | base_address = 0x76f90000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77a40000 |
|
14 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | base_address = 0x400000 |
|
91 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe, size = 256 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe, size = 512 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x773d10b5 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeGetTime, address_out = 0x752e26e0 |
|
2 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtOpenThread, address_out = 0x77a61128 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address_out = 0x77a5fda0 |
|
5 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlAllocateHeap, address_out = 0x77a6e026 |
|
2 | |
| Create Mapping | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 1634680 |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 1634680 |
|
1 | |
| Map | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe, desired_access = FILE_MAP_READ |
|
1 | |
| Map | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2aa0000 |
|
1 | |
| Map | - | process_name = "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe" , protection = PAGE_EXECUTE_READWRITE, address_out = 0x400000 |
|
1 | |
| Map | - | process_name = "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe" , protection = PAGE_EXECUTE_READWRITE, address_out = 0x1a0000 |
|
1 | |
| Map | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x2ac0000 |
|
1 |
Window (14)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = OLLYDBG |
|
1 | |
| Find | - | class_name = GBDYLLO |
|
1 | |
| Find | - | class_name = pediy06 |
|
1 | |
| Find | - | class_name = FilemonClass |
|
2 | |
| Find | File Monitor - Sysinternals: www.sysinternals.com | - |
|
2 | |
| Find | - | class_name = PROCMON_WINDOW_CLASS |
|
2 | |
| Find | Process Monitor - Sysinternals: www.sysinternals.com | - |
|
2 | |
| Find | - | class_name = RegmonClass |
|
1 | |
| Find | Registry Monitor - Sysinternals: www.sysinternals.com | - |
|
1 | |
| Find | - | class_name = 18467-41 |
|
1 |
System (18)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Get Time | type = Local Time, time = 2019-01-19 22:52:55 (Local Time) |
|
1 | |
| Get Time | type = Local Time, time = 2019-01-19 22:52:56 (Local Time) |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = SYSTEM_MODULE_INFORMATION |
|
5 |
Debug (7)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | - |
|
2 | |
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | - |
|
1 | |
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | - |
|
1 | |
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | - |
|
1 | |
| Hide | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | - |
|
1 | |
| c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | type = DEBUG_STRING, text = %s------------------------------------------------ --- Themida Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------ |
|
1 |
Process #2: winhost.exe
10705
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:21, Reason: Child Process |
| Unmonitor | End Time: 00:03:46, Reason: Self Terminated |
| Monitor Duration | 00:00:25 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x67c |
| Parent PID | 0x960 (c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
600
0x
404
0x
410
0x
24C
0x
658
0x
768
0x
76C
0x
678
0x
128
0x
82C
0x
6C0
0x
33C
0x
858
0x
5B8
0x
5EC
0x
884
0x
888
0x
860
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| locale.nls | 0x001b0000 | 0x00216fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0025ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0026ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000260000 | 0x00260000 | 0x00266fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0029ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000270000 | 0x00270000 | 0x00276fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000002b0000 | 0x002b0000 | 0x002b1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x002cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x002c7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x0031ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000320000 | 0x00320000 | 0x0032ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000320000 | 0x00320000 | 0x00327fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000330000 | 0x00330000 | 0x00337fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x003cffff | Private Memory | rw |
|
|
|
- |
| winhost.exe | 0x00400000 | 0x008fbfff | Memory Mapped File | rwx |
|
|
|
|
| pagefile_0x0000000000400000 | 0x00400000 | 0x00418fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| private_0x0000000000420000 | 0x00420000 | 0x0055ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000420000 | 0x00420000 | 0x0051ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000550000 | 0x00550000 | 0x0055ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x0059ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x006bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x00847fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000850000 | 0x00850000 | 0x009d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009e0000 | 0x009e0000 | 0x01ddffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001de0000 | 0x01de0000 | 0x0200ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001de0000 | 0x01de0000 | 0x01ee0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001de0000 | 0x01de0000 | 0x01edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01f1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f20000 | 0x01f20000 | 0x01f5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001fd0000 | 0x01fd0000 | 0x0200ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02010000 | 0x022defff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000022e0000 | 0x022e0000 | 0x023dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000023e0000 | 0x023e0000 | 0x024dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024e0000 | 0x024e0000 | 0x025dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025e0000 | 0x025e0000 | 0x026dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000026e0000 | 0x026e0000 | 0x02ad2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002ae0000 | 0x02ae0000 | 0x02bdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002be0000 | 0x02be0000 | 0x02c1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c20000 | 0x02c20000 | 0x02d1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d20000 | 0x02d20000 | 0x02d5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d60000 | 0x02d60000 | 0x02e5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002e60000 | 0x02e60000 | 0x02e9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ea0000 | 0x02ea0000 | 0x02f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002fa0000 | 0x02fa0000 | 0x02fdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002fe0000 | 0x02fe0000 | 0x030dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000030e0000 | 0x030e0000 | 0x0311ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003120000 | 0x03120000 | 0x0321ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003220000 | 0x03220000 | 0x0325ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003260000 | 0x03260000 | 0x0335ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003360000 | 0x03360000 | 0x0339ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000033a0000 | 0x033a0000 | 0x0349ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000034a0000 | 0x034a0000 | 0x034dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000034e0000 | 0x034e0000 | 0x035dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000035e0000 | 0x035e0000 | 0x036e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000036f0000 | 0x036f0000 | 0x037f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003800000 | 0x03800000 | 0x03900fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003910000 | 0x03910000 | 0x03a0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003a10000 | 0x03a10000 | 0x03b10fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003b20000 | 0x03b20000 | 0x03c20fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003c30000 | 0x03c30000 | 0x03d30fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003d40000 | 0x03d40000 | 0x03e40fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003e50000 | 0x03e50000 | 0x03f50fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003f60000 | 0x03f60000 | 0x0415ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004160000 | 0x04160000 | 0x0419ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000041a0000 | 0x041a0000 | 0x0429ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000042a0000 | 0x042a0000 | 0x04320fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004330000 | 0x04330000 | 0x0472ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004730000 | 0x04730000 | 0x04830fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004840000 | 0x04840000 | 0x04940fff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x04950000 | 0x04a0ffff | Memory Mapped File | rw |
|
|
|
- |
| mpr.dll | 0x74a50000 | 0x74a61fff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x75260000 | 0x7526cfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x75270000 | 0x75278fff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x75280000 | 0x7528afff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x75290000 | 0x7529efff | Memory Mapped File | rwx |
|
|
|
- |
| davhlpr.dll | 0x752a0000 | 0x752a7fff | Memory Mapped File | rwx |
|
|
|
- |
| davclnt.dll | 0x752b0000 | 0x752c6fff | Memory Mapped File | rwx |
|
|
|
- |
| ntlanman.dll | 0x752d0000 | 0x752e3fff | Memory Mapped File | rwx |
|
|
|
- |
| winsta.dll | 0x752f0000 | 0x75318fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x753d0000 | 0x753d7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x753e0000 | 0x7543bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75440000 | 0x7547efff | Memory Mapped File | rwx |
|
|
|
- |
| drprov.dll | 0x75480000 | 0x75487fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75590000 | 0x7559bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x755a0000 | 0x755fffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75660000 | 0x7570bfff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75710000 | 0x75719fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x75a60000 | 0x75a78fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75a80000 | 0x75b0ffff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x75b10000 | 0x75bfffff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75cc0000 | 0x76909fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x76b30000 | 0x76bfbfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x76c00000 | 0x76c5ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76f90000 | 0x7702ffff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x77030000 | 0x77035fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x771d0000 | 0x772cffff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x77300000 | 0x77334fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x77350000 | 0x773a6fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x773b0000 | 0x774bffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x77550000 | 0x775ecfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x775f0000 | 0x77635fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077640000 | 0x77640000 | 0x77739fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077740000 | 0x77740000 | 0x7785efff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77860000 | 0x77a08fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77a40000 | 0x77bbffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef86000 | 0x7ef86000 | 0x7ef88fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef89000 | 0x7ef89000 | 0x7ef8bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef8c000 | 0x7ef8c000 | 0x7ef8efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef8f000 | 0x7ef8f000 | 0x7ef91fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef92000 | 0x7ef92000 | 0x7ef94fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | 0x964 | address = 0x400000, size = 102400 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | 0x964 | address = 0x1a0000, size = 4096 |
|
1 | |
| Modify Control Flow | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe | 0x964 | os_tid = 0x600, address = 0x77a501c4 |
|
1 |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe | 1.94 MB |
MD5:
0abf20f96310971d6d283016da547225
SHA1: e2d317eca0ce8767ed73bef5e05d233c28f47d95 SHA256: 5280edad1dcecca9b0542556a775961bc620c31a06f2fe6383792a6f300ed81e SSDeep: 49152:s6oJh3BEs5tKQoRffT2r5b3Mx+fqheqVlwLeY/iGNNC:sj/3BEs+nqr132GqheIwLUG2 |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.44 KB |
MD5:
89e33df2af84c61c5520b6968d44cf09
SHA1: 5cc5c5f653f17ef6c7b94f19950abff28f53a118 SHA256: 52add4d6153cb3bd1b8baccdfd02158bf2a35b4ae8a714f9d978ca8e9d3bc625 SSDeep: 24:6L1DW2YeoOJxSKKJkCBAcMH3C/FgyfpyFp5DTC9QoFioZorHCekkRp+uu:6L1DWRe7JVXXCa8pej5SPu7CekkRRu |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.80 KB |
MD5:
30701f1c8ebc43cd2c20a821fb084dfd
SHA1: 1a3ddb78291466ffd03520dd980228aa366969de SHA256: 0216dcdec769ad0d698e7075278dcd4fe0f79e4f10562f3881f19708273464d0 SSDeep: 48:sjkeuB92WraQD5fc3ir6nwzCWcLcONXo3olPpZRRq:shujVrhd6ie+CWc7NXo3ypZRk |
|
|
| C:\Boot\BOOTSTAT.DAT.id-9C354B42.[Decisivekey@tutanota.com].AUF | 64.25 KB |
MD5:
3c97ae64ad4640e89fd205b61fa516d1
SHA1: 06e29cc1e5e57fb4d98ef65081ab36bf1ff029a2 SHA256: 1d7be6daf2aa4b94a8ba25cd132380c2dc2532ce89a305f872de19af62b5163f SSDeep: 1536:FVrVOqNTw0KfeBewE2eSlKQ8s67BN0QqiUxFrssJuRNchgV2esFn9j:lNTw0h2BPQ8s24p4wPJx |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 4.42 KB |
MD5:
a1e5c3c13b5e48ad3220f13a4786473d
SHA1: ce14d885ac6465150410160e2dc7cadde58b52ff SHA256: d2d1f23249adebbc22cdb733695d64865504f7f301fc1a73284a42cdbb4cc896 SSDeep: 96:R4/ggy1fosCqVmjJfeUydoNTTXoE1B8WvMYP8Fk39TtkJ7/oyRi:R4/gxfIqPdoF71BbvMOr39ujoSi |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.66 KB |
MD5:
a5c78836ab7a6231097b60ea73974181
SHA1: d8be07bc909cfe56a766ce1bf6be116097abae50 SHA256: bb7cdb5a6f68e642911ff6962368b8472c4192dd011836cb87b34f37bc257f60 SSDeep: 48:sZ/BCQAkjnWWn5jcI8vmvdXpKdcgFiuj8ERRq:sdqdWn5fQmvNAdFQvERk |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 10.00 MB |
MD5:
052b4a3aaf24e1879297e0f1408c7662
SHA1: ccf2d2087988828f8117c27f1ec3ccaf4b5b926d SHA256: 6c23fd16b44e1eefdf52ac7ad99a1fc46a9b4b3e77c6643dd26d1ad79a2d1021 SSDeep: 196608:Vf1gRyjQR9g8YYIcjfXontQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:V1WbR9YY5AJGBZWGRz1kaza0h |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.65 KB |
MD5:
e8c9c8052936b3772f89579f36f83d7a
SHA1: 62021c0d6a4dd1ae0968057cd9c6c520cdf876f4 SHA256: f0258434b2928ab607f4f7385689a162ec0f4154a64bc5b676c42651581b0382 SSDeep: 48:TakfTiazh1tjP+2f7KB3hbTv7odRJhRRq:PfhzndP5f7Kxm9hRk |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.99 KB |
MD5:
1570aa80bf2f2cfd090ea4993daff6af
SHA1: 2d8d5205f9a6b9b98fa65e35a0acbe02f5fa290a SHA256: 11e3cb0388dedb43eb9c98875920629fff6fa5195e7e7fdc8bfa2005ad3a5fa5 SSDeep: 48:LoYpqP78jUPw7pTMrZWYvJLA7uz84eSmZHkR3gRiGDexRRm:LoYpA78KwNSW4l4w8Gmi3gORg |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.55 KB |
MD5:
797781486f856d8da6aab48155b400fb
SHA1: a272a020e4c2a6552f8ec50c2e971c0a301f5f2f SHA256: 7b43b6c37af1f54fb44b529091c22c3bf98f53910e291fb9a74b0712fb7c0fa8 SSDeep: 48:FufGyn6oAp4HxKlQlWVkLQTtsjBeg0rRRq:FufGyngwKlNGkTtsVhURk |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 10.00 MB |
MD5:
6b078cbccbab0d5edeaa1d85f11ba58a
SHA1: 66820f091ea72f244d2d2019748cbda0b7b9702d SHA256: 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 SSDeep: 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 30.60 KB |
MD5:
12c303f44ae7eca9b187a4a15e6b3959
SHA1: d960bb494a1bb0c8438b89e46d4e32cf5cdbc55a SHA256: 0ae8dedffb22b76aa7bf2ebda8d677de92bbde9be4cd25272a2802b84655fdc8 SSDeep: 768:RL+EmssbpmfKqlXEw2cf28BMDK9NrBIZp8sS0:4EmtPq9k86d8q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | 69.80 KB |
MD5:
78dd9d4760f5cfb8647a0922e4b29779
SHA1: 91777171ef6d9cbd8818d4f3d0c577cfcf9e3e79 SHA256: 7bcac030fd6e436d999c021fc3bca5cedaafe91b2af6f2c31d67b005f72bcf82 SSDeep: 1536:5KTZDpXBbb/tRXq4mtptat2XInVlyEM/D+80Mg8ggv7gNBGFad1NySw/Co6x:5KTJpR/tR6LI1nryEM/DV0MggvENBmaT |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 582.61 KB |
MD5:
0cb18785332d67ed751528a7dc94b4d4
SHA1: 9a3cb4e07d9d6951f34192291844170384f13e69 SHA256: 30e263c66fe3cc8c6c4e94c447aaf5a88702e5c72cd589d01d2a49b620180a37 SSDeep: 12288:H6NyoOWkUR1+n+N/D7KojJpGOT9rNdsSYebBnnBWDHZGfhMec9vX:H6NVOW9GUXQU9rfLYe9nnBWrZyUP |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | 26.79 KB |
MD5:
cff168db7198ea359bcd5104e7cbb5ec
SHA1: 04c48ec5ac547805ff5e7d9913a957d0d8f26879 SHA256: e033a7cae8e323ce33f5bd380d5bfed5c8652f168ac6bc618f845779be940f80 SSDeep: 768:ZYjtIFoxqQxXbJWnGjNlFehhIyIWKVX19Xbl2:IIuEQxXbJW5hKLnd0 |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 4.42 KB |
MD5:
f856b24cbc51a742e13e92a42b70f08f
SHA1: dea01942518e7a46ba2b4bcaacd17cce7cefd9bd SHA256: c3ea8fdce2f7569f3e3162c1389374b713b4232803c9977ea6c1996fc689ce61 SSDeep: 96:sd07Wp78I863F9MDr2/oZFhaGxEEZF6J0FxXJoomruBSkjx/9skzgih8VRi:sd00kDr2MIqnfA0FIomrMPskzgsQi |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.54 KB |
MD5:
6019498e041a8c3e9c83c2cf90e968fa
SHA1: a129888ebcf54d54fdec80d520d0301d75f5dda1 SHA256: 657a9e4ea586782335853578a148a5dfc61173958a20a1ab1922a7d91a738445 SSDeep: 48:2/c2mlFzsqGaOKiyAfCJz8xMgiLAUUeahwokRwJ7G/QlvMEHzodnxeMRRq:uKjmoz8i709kCJ74QlvMEEdxvRk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[Decisivekey@tutanota.com].AUF | 14.94 KB |
MD5:
cf21f6c976ff64d7ca47c8362c7f620a
SHA1: 8dd8e46e6bfea6fb069cf3e4581f05a962e6415c SHA256: 6971e26e603c593af4cabf722b078965ddfbf9b83ab659255eb099f636868a0d SSDeep: 384:kwICJ30o4itqLJ+YVC0fjfWXzpIJPK3f8F9FNdiXU8RfCS:kwBp0IQV+x0L+XNgPKEFNdikUL |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 848.75 KB |
MD5:
8f8d89567b93ca369a50daf0b2c834b1
SHA1: 306f7581f38e5278e2f74d28be8dc664003ed8e2 SHA256: 7bc3a8f2ff933dd3ca228768f76f9e2cb9802f25ecb0884a1cedec9be4b446fe SSDeep: 24576:JKFhlG/CZp1t7eIk1vX2ozUV6d9zfSq9RmLPLvkzza5MoQ:oFi/CZpQcU9equcfRoQ |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 582.61 KB |
MD5:
710037f0e7730110069840e5f3ed8d74
SHA1: 91dfc4357ec413ac0b157839f6cd0bf16fb19d8c SHA256: 7ec2d534c6e10e9fe6de560b9ae7a1e6b1d039ddd5da9747d731815a09e2d1f2 SSDeep: 12288:yZhcfiLiD7QyciZUQLyD+ygKE/yBtT0MFbxSwkoL2Ob+UhNHCmp+4zOa0:ycaeDoiZUQlygr/yHT0MnSxC2ObXKsz2 |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.76 KB |
MD5:
7e7caea7fa2e7906f35d52bcd383cf76
SHA1: 1f2f53f3704527af881fd241580d3dc3f0aae4bc SHA256: 996db237e90086a4d35c5de5a726f3ff29c7fbf0fec84ebf3ad558be6e8b702f SSDeep: 48:1+g36CNQslCzatg4cBcEXu/IbWBcjsjHhsiSz2jJueORRQ:1p6Rslt2cMuAY4FUJsR2 |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.14 MB |
MD5:
77265fdf3e1e8b3da63be0fdbb7207fd
SHA1: 07b2d79497fdb4861dde29c93a3f37f56e648490 SHA256: 93a8cc9acde4611609f86f16de1f2d8057745db247fd9683a02377a22497cf07 SSDeep: 49152:zDxL8QBo0Tex4S120ytJy7HcrV9VYIXezhSlH61:zR89t1b6VYeeIla1 |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.66 KB |
MD5:
f15d75aac66599aed4cd540b27ace4d1
SHA1: d4ef0e57845a1f07018505c01d6bdb38ab8b71dd SHA256: b183e5403e49cbf77da37c1728bbe57a2dcec9b003e5ed11f7baee2e5fda33ef SSDeep: 48:dJgHDEmP9aVKnMW041UZYEZJt1j0hzEoFa12Vs5RRq:dJgAIeW0+e9hYzEuQC0Rk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | 26.54 KB |
MD5:
97ba776acb1b04a1f0f8a26a1987cd48
SHA1: ec220d3e3ecbb8f9d1c7346518211ad5b8ea234a SHA256: a5db45b1f3e74243d580a0044efd39e641034f5fabd28c510662cb0d68b11da0 SSDeep: 768:al73IdGkeLwEmO7H/knUQFCs1hTuDuvM9vcnvjQc3Pzri:oMe3VMUECs1hSL9vEjQc3Pze |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.47 KB |
MD5:
71184df7f653f23ce559265e1c1be9df
SHA1: 99205a5c68e8eae9548f7bd006b3eae5b9f753eb SHA256: a82bf8b670a0c48713babad96a9db5819ab54317a2399a04bb2bd787716dc6e1 SSDeep: 48:DCF0joO1t98DnFUCEKYAnk8zOvYyJli0h5llcSaB9BhTsyVE3A+u+pFECzYRRq:2F0jFeDnFUhKAcODJ40hy9vE3hzF5zY2 |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.07 KB |
MD5:
8d396c638f7a183405d8818b59216075
SHA1: 26e01962512c292ac5d3ca78193a8bf8ac1cbe1b SHA256: bed5430086df550347a7efa0dd9337e52cca861313688c6646236b19ebac5401 SSDeep: 48:8SYprgjbK3/46D5d+exbapWoMD/1p5L0uP2SkRRq:tS8ADLSWznBP2SkRk |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 4.33 KB |
MD5:
5988b79bcb872afea86f6813365820b3
SHA1: 469de3deb7b172eacb4537b077c9fa9acea32637 SHA256: 0071f42a55ef514f4509bde7ff3a9ac09f422374e74fea7054fc5d7fe4159b37 SSDeep: 96:LS7JLCIjvRi+VlzFvCXFdBmUHywSs8c+DoZvQ6f7kdRk:aJmITRflZWmUSwSsd+DoFQWAPk |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.48 MB |
MD5:
60fefb34dff1ec45c74c039d410b1555
SHA1: 2cbacebe4649c16b6afd6f1351034048bd873bb2 SHA256: e5dd9007a07d5d719153e78a8431e24b0b35df39b5b594646db614cf70182589 SSDeep: 49152:fHYLL/WoWLljb1R6rOSN20yRJ64iRySonD3WtD9DbAcst:fqLVW6vlK3uD9DbAtt |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.66 KB |
MD5:
fa5bd644a6151e1c3117e8497abfc21f
SHA1: 00e7ad69faa99e230d2bde312a4f7146882c3a45 SHA256: ff126a378659e0aa3d8ec3cf3fbc20d54010c540efdc0a7dee47f2692376ba45 SSDeep: 48:RIOQ1iaIgoVPFbx/yKT6ZUi/cPEcWHdjlQtmRRa:RIO9alo5FbE30PEcW9BdR0 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | 37.04 KB |
MD5:
c97dab3e5a389ca0f0d18eebcaf6278c
SHA1: 4d8c6211ec80cfbdcc067e6c64f00e001f0c4971 SHA256: d7ae795c1cfe01770e91cbe746de6f83e51fe1c9b88f7ea362b6f6970acfb413 SSDeep: 768:+78Es3cU8O70ppSC8l2ZGqWLJzk6fw1yZM/oTcfV8lnNydw9jNV08VKESE:4XO70ppb8MWLJiYZXUV8zydw9hpSE |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.81 KB |
MD5:
f430765a3607df43a288f743622c9eab
SHA1: 4e6ee1dacdf701f963b5cf5ca73607be200c4ccc SHA256: a38214c534d881f777509e054614bfd73ada1f440b077b9e9a3bbdac5162612d SSDeep: 48:dWQKqLa8LC6lVCTrTexqqGWvXjQ9CfeLRR8:dJLaNTrTelGMknRi |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 5.67 KB |
MD5:
27f7533f2a317f9a018fae1340a1393f
SHA1: bbccca97fd4ecaa388d23f8b39f3ac7c0d3dab76 SHA256: 63fec2a90c08fdf33bcf78f031a5f3532e3105c721926fccda752210d8b54353 SSDeep: 96:zuHVAKG6FxXnt6BRtW/TauDZA+JaaHpDGhUd77YAmm5Z5GiAPlyTxhYvERi9ARs/:qHpptX8VaJDGhG7HSiA6x2Mds/ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 582.61 KB |
MD5:
56386cffb83397ed9ba243189adcfaea
SHA1: ed61411a19b9c6d1f1cccb2f0966e272cef10f7c SHA256: 389cecd2d7305c781b7ed2c171c46a2637ed58162bd6402aee12040500724d36 SSDeep: 12288:R382G8nCm2ozrdJnsm9yw+dDrVnzkp/1rvtbJlMUMCVfX8me:i2G8B2oN19S5zkp/ByUM3me |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.15 MB |
MD5:
8f2eafa3553af202456da16937a4cf7c
SHA1: 15d623e543eaf2a94ea982ef0012957d20f53b93 SHA256: 7f17ef0e07dfe866f801fd4461aed0ac6ba137ae83b572e4ff399ebf42ae4e70 SSDeep: 49152:zDxL8QBonTex4S120ytJyqzfS3IPMWm/vnYKo3S4Ccz:zR89K1CzfSwMWYnY1T |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.05 KB |
MD5:
d686dabeeeb3f46daaa967c8034325bf
SHA1: af7e26f91fbd638a6ef98613c2060187ad6caf97 SHA256: db5ea74cc2942c8508c1bfb90bfceead7d7107f2f846ce6b7c7286dd50a66c1b SSDeep: 24:CjOVeZhCUJITH5yjNjIGFKQINvllrc/YaTfzA+oUIEECS2NRp+uY:CjOYhpJI1yujx9xWTfzA+okS2NRRY |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 10.00 MB |
MD5:
153c60b8828273493fedce6a7762fee0
SHA1: e94b06f4f7964347622b24d5e379e599a759ca8e SHA256: 836e58072fe1b65d3839e720d550a451575815f83c0729d89e551613e9ffcdcf SSDeep: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+iJL4:MUvTiNhU4L7tZiTnprP0txRso4 |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 855.24 KB |
MD5:
357c2f109b5ab821d8e2e1d491e1a8c6
SHA1: e8d4da0a14562b1737665d33f3f3f4775df19bc7 SHA256: ff1a8f19f5c7e130944c65423754e5f0e32681a7598bf51b07d3214ae601d43c SSDeep: 12288:E8m/euC3owifSEYReWHoIc0eHEHU5Ni0poGE8/g1zcfPgpwKdsjFYoO5cXC:E8/3oPfBdk05NrDE8Y1QfPgbAW5 |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 10.00 MB |
MD5:
2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1: f50dbea0bf05e4a4f73abb265fef52fa43db4e07 SHA256: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 SSDeep: 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai |
|
|
| C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | 0.37 KB |
MD5:
0197d9893432a09002c7db38d88f3a9d
SHA1: 98f62155f91d3d271e0cc98a0838937439c010e6 SHA256: 8cba127df6756bbc43f8e7c8265fc936e630a371e5d41669198a48de4ec50cb1 SSDeep: 6:AIhjduMO0zJ/bxBG/6WCe1dNAuvGo0rMm3PrgXdJUf+bz2YIsn/:J9FJ/ySEnAfFYm38XQ+bz22/ |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.66 KB |
MD5:
8fbc1c16db48ef1afb476e0aa217762c
SHA1: 553add178d00e9588c86439c8ccb81addd4ab716 SHA256: 87ebbb9f7df88d3d59dfda3bcbeec2f6eab28489d33ebe65ca33badd5ed3986d SSDeep: 48:mzlBiQx2Vnf33nT+T92Dn7FzMGRwfkqXtIsePRR8:SlwFf33rVzMjfkqIHRi |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 20.33 KB |
MD5:
6aa9d137e79508aeb384dc40ce185c75
SHA1: f7fbfd110ad439f87164f4c35ee4bf461b7fdb33 SHA256: 50d64af14db4f5e9934010ee47e0d788551c1fb3d7fd2d7612c4b6d15aa09283 SSDeep: 384:Rd9ZLn7CgDI7nowvxa3uJ1Pf+rfj8hDfmPIj3FWUXF80k:RRn7RDIDiYeDQxmPChW |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 9.37 KB |
MD5:
814bdc3a3b241272ab911b07cba84a8e
SHA1: 3a843e6fd9ec585c6f7c320b93cb458803e5ecac SHA256: 6e434e3919f4a0cdefd0426516560f4de27ca7d5d5736fc9f620a3010be173a5 SSDeep: 192:uyGbwTnMWT2qgtGE9jEIhP8GNyRjW5mP/ZnpAXZTRBxk:uyGMYWT28IhP87PAT/xk |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.10 MB |
MD5:
26c291382476a64258a95e90bad79b0a
SHA1: d9807a07196f5dfbb633490c9d3cc75ed6e5ea4f SHA256: 0c6560fb46bc7e1c547e65b3090f0cea73f112c66004abb053b9fe4bd512ac3a SSDeep: 49152:Crh2TUGD0HEytsDd5D9kwfbF4diB/SC9GMzff7Nz7kk7oU0PnHFltB+t5VfI:llyaDH9kcidg6C9NfjN0+inHftQa |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.05 KB |
MD5:
2ebf116af2c1d891839991fa10f89ac7
SHA1: 1da45480f2b759e550fff9edec6c131f046ebb00 SHA256: 25f04fbd7f34b03b543087bc55e3d4942e7bd826754098fd0d707845cae24b67 SSDeep: 24:XcBIlcZlybiLx85m7VkwyXVZ1xPOBi7cYjEFQA55cxBWS2k6Rp+uY:Xq13AiLxY9NFZ1xPOmcIA562PRRY |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.80 KB |
MD5:
e2a34b0347beefa76cdf1b7e1b7676d8
SHA1: fccdc8e65afe9c284fb98700ef3e6f8b02daf04b SHA256: 298f48a1cd86b9b5335a1ff4db58fb1bbc402f0807f90f121b535fe4b7a1c31e SSDeep: 48:xCKuxqxGFlRIzupqHPK/rxzPn8sM8pxJhgKMPU1nmNmDf9eRzcNRTOHIiJZaveaY:IKiqxYAOQmxBFhZuy/yoiJy5Rk |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.36 KB |
MD5:
2d4340f37a1ebc40122cfa6079c87e0a
SHA1: b15efc60befaa862efe9b1b8eee769104475e9de SHA256: 9ec6b8a814b0dc98f442bf0b0c54cceecc0b34e4042ad4ea5f8122a86925c6d3 SSDeep: 96:IXed5cpB4fFZDQ/Ks5a8RZPXF/UA0MBWNMFzJTHW56Ri:IXewpqFZDQ/Kb8RB1/n0MFzV1i |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 6.33 KB |
MD5:
6f71b71d6b72eb568852bfcb2ac019a7
SHA1: d304b4ac7e0873c5d1fe252113fd3ba23bc648cb SHA256: 5b5d7684487a8658df2df1941b3defe207a45cb1d1463a04ab46cf9638f07f33 SSDeep: 192:1n6y6qzH+jesK+ZrVrQjr1M9wuinHDqtZGfTfs0FARk:oygysVZZkj5MyuinHDqtMs2ARk |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 4.42 KB |
MD5:
73e6baeb8b3967ee46ed7ffcf351b2a8
SHA1: 7744b7cc4bd8eb65378563db39bebc32ff49979e SHA256: 6a934b8b939d333f93c91ab1de5660bb32c837e0c6fb60587545a00d51ef3748 SSDeep: 96:+ni1unwKHK8wVcK/qPmRSX3+qlDOn7k+LUBikW56BXUngXeC6D/S8yRi:+n9qZVcVPmS+ql2krBid56BXUngXebSS |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 853.75 KB |
MD5:
0e6aa8b61e014c6f32f699d860e03d98
SHA1: 5dab29cd104a31b920c3a0a86f43875e4c547e1d SHA256: de2cd3f15caeb3b466395373a93514a82a913ce64d05a544533ad2a5b21b9b63 SSDeep: 24576:XMH2MRgxwPxdSIF0jV/cpzOrHFhi2ph9IH/8iyADF:8FgxwPxdSw0JuzODFAshuUIR |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.56 KB |
MD5:
75e01117454f337136abd6e18cc29eaa
SHA1: 7733bca36412a00514132ad001ecbdab7c32e8fd SHA256: 406d96623d716db09d6ec88be56860f6682bd7fa79de649d6e6bd629ee526fc8 SSDeep: 24:SX4G2TJ4AsdKbGu+rEU0Rl4DUXdzMZ4NQDvUuhtYZvzIoiMQfjYWSeiRp+uC/:zF4vKTs0Rl4GsvUuhmzIDMPeiRRC/ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.05 KB |
MD5:
2c3b753ba7ee4eb1e55714740278a2a2
SHA1: 4efc636c18007b9cd0164f724307d6be1818495c SHA256: 4f38e233f6b8c76fb98925ed63ed4b76d7e56b7f15f8bbd8fd6ae5d0bfe21a1a SSDeep: 24:Z8/b6TQwzecek7pZPZret8zbbmoPFgXYWyQuMoBeGI7WS2uRp+uY:CeQcPJOPowYW7Ga2uRRY |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.14 KB |
MD5:
0ba42dc2dd3111d466779cb5580fb6e0
SHA1: 813e0321472835ea963186270582eaebe08b7e42 SHA256: d2e4bc7406b8fe24c5f0a0f7a2561f66e6050026538ceaa85b06fb5d1aa4e827 SSDeep: 24:pwC/FBQQrPZlQrSz+3pzWjR9r7h3ZW7hknOyegr16SRp+uC/:fHYS4G9/hs7hknOdmkSRRC/ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 860.74 KB |
MD5:
f3f84b637239e366a35bd8196726382e
SHA1: dc9f3685cea7904af690a6fee8c0499d86b0216f SHA256: d90edc27a470b5754491c4ac3251317e85b3d712911327e63be0d1df77286a0a SSDeep: 24576:xLbVHeUuLaq7sjKWrm1VRkXynXxavqu/2DE:JV+UueKoKWrm1VOXeav9/N |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 865.24 KB |
MD5:
8d744fd0f003d094aacf2a46724ce66e
SHA1: bbe0a53353b2b29ad433f75648b5c289dfaba547 SHA256: 947e755e1f9d59a1006e6bd20c4b1a8e22ce55322f15f05ffd6ce1474bfd4a5b SSDeep: 24576:CGLDkxazl0zE4NJfbVMh2Z8RSC3cNNCNzaggU:T3kxazp4NpxMhXRSCcNwzz |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.65 KB |
MD5:
0284a987a8a5b7675dae5c42c3ff61b1
SHA1: 193554d386d175fccc54c9b2839fee80e13eee50 SHA256: f362e123d44c2f3b628e03d2756b8b739625b8a0b96f5d6067ee9134e48cd728 SSDeep: 24:Vbyutz//Jyr9J/RZM0cyaCMy5LAfWvMzTFXxlU+/x7wcB7j0Rp+ua/:Vby6//cpJpR51c+YTbX5T50RRq |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 10.00 MB |
MD5:
3d0e1f18676626331ffefafe53b18248
SHA1: 80d370bf723a4b00b769c1a7266d63de82280ab0 SHA256: 9ceac29cec7a9772266c3c6ed68bc7f25dcb38c12c388fe9f21e58890e9cf26f SSDeep: 196608:PFNUxdiOm1j3/abCsYwFOSQo2pWDOQs4hW6s63HS:qPmN3/abtYIQoROQ93RS |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.18 KB |
MD5:
90b96966df27ee3f2ca7063daed03cb4
SHA1: 3d7aa4ab7a91a09e916a04c374dbfb02ad86f18e SHA256: aa974e2e19352501b62f9dd9417d0cdd76de9eefe7b3bc2a0c5791e798e3cfd1 SSDeep: 48:MXhkmNCaRcyiAMEuNBXQ3UvYy99B8+dWlt8EY1DdqVd/LywRRq:MWmIHynuDXQkvYy99B8+dW3k+ZfRk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.13 KB |
MD5:
5d3e2d4819ab06ba011ada3c346cb5a2
SHA1: 15d7b4ce073d800ec5d60f5bf60872bd9cf74f61 SHA256: d60dfaf2fc78d388379b07e71f4e339386887673dd50ee1449b1c9cf4a108450 SSDeep: 48:Nvq04bGNVXrA7HkB6MWYyPn/oWsmg4w7dlTGVePRRU:NCAXrAwB6MWYyPn/dPedjR6 |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.16 MB |
MD5:
bb72566e564403ca03ba56f4037a4ea3
SHA1: b08743bfb3a60b4e4a8fe84f115a68585d404804 SHA256: b6e9a97c765bb53895dd40d7a0e38417a4297dd06581fe84879b0e900f3fc11c SSDeep: 49152:zDxL8QBoSTex4S120ytJySzTvL9J6+CLzPFj:zR89r1+9J6+CPdj |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.04 KB |
MD5:
391bdbfa3a71bbe786274e88d87583eb
SHA1: 9825eae5ded338c195d1aa192335b50b030f525f SHA256: 564387505b76d3265378c491b90ce7f198a7b3cc06a5ab06d9a585da3d72a2f6 SSDeep: 48:/pAAUW1dtqwfbJo9QvLYXUFe9WKK0bjavxRRq:/BIIJyQKUYWKxPavxRk |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 5.97 KB |
MD5:
346a0525b645969f4eff9948b8569d4c
SHA1: 922c4699311f4021bf36750da91f4833a7bd87a9 SHA256: a617367c8506ab3049b27986ee3ac7411f33c7c5b9cf8bda1137b3db28a2d36a SSDeep: 96:LjJp8zcDkvoFuo7ZxMnpNJ798lJtGUwYLg74NgTPAAaaloVHzgNTYluubIRk:LiXvMFxajAJ8fRTPAB6gHzMElnok |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 4.33 KB |
MD5:
337d8f3dba45b2d2bac749d7cd80c327
SHA1: 49eaef1299b447f0a204ffa30f478a68ad73446b SHA256: 30ba567dca4d4ff3d06a6f6b67b2745b7efb14d063641933781d594f4aa57b71 SSDeep: 96:2MqSdlZPilBTDhMV0HjXBnlh+CAc4xh1swR/hyp7uRk:VdlZiftM85/+C1wR/hy0k |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 10.00 MB |
MD5:
4fb6c079967f604d4b8cdf477caf6de0
SHA1: a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63 SHA256: 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f SSDeep: 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 9.37 KB |
MD5:
4cdf9459b7fa06ee5b2e4ef49ab01f9d
SHA1: eec0b035d32afaed2a2cd89b68d82f2e88d6aa18 SHA256: fb59293278823f3068c268b8781b5544a75f93fb7368ffe02e806a731471f315 SSDeep: 192:TnKj755F5uhsuQjwUJVHEAgiPgtPb4H1CAgwlxZmweyTzEnYk:gfF8O+ttPb1sxOI0Yk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.88 KB |
MD5:
759bea95e646a6c529099c8506112b2e
SHA1: 1995ab2c7593dc2c93d3979f3722b3e357707184 SHA256: 6c8679038bf9c6c46b38d25798e11c17cc48d6aa4dc671c09e94f19eefda85e5 SSDeep: 48:lenyAjm5nBeQFXl7rFiuvIMBE59azIeq6r5kgURRM:0yAdAdrhv5BE59azVrURS |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[Decisivekey@tutanota.com].AUF | 65.85 KB |
MD5:
068ec279cc98551bca5075bd68b86833
SHA1: e720330355ac865895c1f67d67020648a2b99b6c SHA256: 0b5fc318ab2a9c5f19c87c57ed04e9ba213af1dfe1ea58fe2f23b94875f82a76 SSDeep: 1536:uJofnBvtoBcBPfFKMMTvOIYQf2+eMQE/z9vdQYbcrWf9B:JvtScBnFKMZdQfx/z9vOK99B |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.36 KB |
MD5:
466d8414a7ad06284815d535c4c3a0c5
SHA1: 631aa6db368c57f151e507e183cfbb6b4d2dd2d2 SHA256: 196d266cdd65848f3a56398fe73f096edb371d715895c6a8fe629888f864d36b SSDeep: 96:f3pLUz+OOXNihe60cWy6i/G4l7CbFm3yS++y/rYRi:f3pLUiOO9iY60Zy634lLCSi0i |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 6.51 KB |
MD5:
adf5f087050d90239fa7e6bbb52aa04d
SHA1: b2b1aee768eeec25a87424cd8d02798b694b9040 SHA256: 615ec990e4fbd836738f0a125aae9161fafbbf32209932d7cbc8899af97095d9 SSDeep: 192:9FmqXAkS9UulQmZE08vZ/cr2eXtKUOWuWs/:OqXiNgO2eXcUBuWM |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.80 KB |
MD5:
3cafc4b6475b44f42869acedf3667d5a
SHA1: f49d7db629bfde4835bdfc718af6e15d663d3ed5 SHA256: 9bb13d46bdacff5fcc23ae67b03cf57b2e9f34e135c55c688b640b22310e87b1 SSDeep: 48:1/uSy/cp/XRliCrW5+gIsB8XDa843W7dQjFdzjdPYPB/8TH1BRRq:acpRt8+HsB8TnuW7CANQ1BRk |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 16.70 KB |
MD5:
d579775e62e522583ecb56f15f88218f
SHA1: f1557753ef342f64eee7ee4380a992fc138c2c40 SHA256: 2048bbcb9a7d8af2594b4af8362e5c0315461f27489c22f32f68512f69dc79b3 SSDeep: 384:knzRcrMeDSJkugdpHk8rpTry+PrnsuxaQiwlFrnE9JomH1B1d5IfgPfi:MzRcrsJkuWrp/yE2dMTE96mHfJ6gi |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.76 KB |
MD5:
ed54bca86e480eeba08226b54e43893e
SHA1: 98961f4363114f92c61d6fea61d685f359655dda SHA256: 33010a288c8c46964406d09193804f7400c2ab4aa8c7d4f40608081471169d76 SSDeep: 48:RQj/bfktk2vvZgv355uzhnYSL40oUcHQRRQ:Wamv3adnYwR2 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.07 KB |
MD5:
be1bb2df171b1c3e4b25d92019c7f391
SHA1: d8a92547e4c82f5ccfe68ec853e775edd0845933 SHA256: ea6d8b20087335c3291aaffddbd158946665a78cb907dc31fd67016ddd65815c SSDeep: 48:Ng8lVb4USrWG4UhTc1sxRt434fEqZ3ZsaExZ4SxNA+oRRq:uib4USrWGBSs/uIfEqDExZ4SxNA+oRk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | 65.85 KB |
MD5:
52f6a699715aa13f04045525bcaf3925
SHA1: 060b2b055a65ab2115eecd0fed50211ddc4fa35c SHA256: 3b736586dd3e8ae89e3a140d79e1959b64ccd216a14173fb60d379b9399e6118 SSDeep: 1536:zsNREg6RQImdjYh9fiPX7x5TXbyqNj2Egkb/Zq:TnQgHfiPX7xpLyqNj2Q/Q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.18 KB |
MD5:
f620d835441eca8a59c160f61ef7727c
SHA1: c42956e70612b77e04867ce58771172382ec9d15 SHA256: a2f237b13b8767a13e1c92f105c5c16f7fef2ac97908977ebb349b35c5d6a9c8 SSDeep: 48:ywM/UwccTPJICYTD7naEQs8IU/YCsuCsMAdEBEJwRRq:yPLJIJTDzaED8I1eCsndEBEJwRk |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.07 KB |
MD5:
9ec4983b2b9bf21bc0d82e35914fdc3e
SHA1: a0568c2f805ceb4a650d43ea1ba24c8fb8c1fb19 SHA256: 2575f49a98dbd97eef503aaf4a8c6d148bccd8457b0b5d6ba93065bacd62536a SSDeep: 48:iYNDqGgxRjud9e90IWEvmLb8H3ACQDH/BJpS4XYDdFpqSPS5QpJmUXj2URRq:imgxRjufBNYmfGApZXGXkSPS5MJmCXRk |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.60 KB |
MD5:
a2ec79d1d1dae489f8b1262bb07bf984
SHA1: 34e4ea7deedc0202ee176b27aea65a1600e75fad SHA256: 6976df28c8b89c85be67a32c0b05b561e7aaf93d32cac5cbda0b4721a999db08 SSDeep: 48:ahgU8msBS9rGLzdd/oaSYooLTSlKycD3JzxXmN/djqZ2cK22GRRq:ayU7GLZdwRou/du2cK22GRk |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 8.76 KB |
MD5:
479c6232f9b6407d799f8dea47ed132c
SHA1: 6b62198198de88c9a13afedb3b856109b39efb4c SHA256: d54bcd389f05f4cc6ce142e61a7c39a308e16f2bea498152ef8d2b21514df3ad SSDeep: 192:6TswFvG56JwZT58RlU41pJpGmjtabX+OwJ9V2:6IwkAJ25MGq5VjAuL2 |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.47 KB |
MD5:
2aba5f9839ae4a308cb3ef202e53a188
SHA1: 31bbdc7a9efb97bbf227d7099b917b109059bb7f SHA256: a1b00ef10195c3394457eaafe00a03e51513258f608df2e85cc7c4ec52620991 SSDeep: 48:1dFzI8pWt2BkEFAEs0Lqd/yQh/MfO7xNKCeCNUBcGMLX6TyRRq:1k2BkESd/yQEO7HiBctLiyRk |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.04 KB |
MD5:
25e91bd3799e8673d80c265ca872cf18
SHA1: bd96d3a694cb0e9543baeacbdaf8c3e511000311 SHA256: c6c20a36fbab44c753ee1f8d2bf70e1c36a24cb0843a27a24d2f8b997c7e59a6 SSDeep: 48:rWYy39XwFy1/L78B3OYibkPQMnAVbKvVHk5KMbD7XSuRRq:rWYEP1Ttb0QMH0KU/CuRk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.27 KB |
MD5:
cfb1441166a49c44b228b3181308dcb6
SHA1: 15723884fc4c1c77aaad8ee510450dbe7e1c44a6 SHA256: 3faa1830403d83fe57edec460012d161c2b31de11673291f7513d4c9edf743be SSDeep: 24:lY+V7jUuR94YXRj0gBkSf/HTBIXOYYGQUohzX3Tk3GRp+uM:l/R94XgCXuUoxT3RRM |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.05 KB |
MD5:
c3566e19af813ddf532a95cc69561934
SHA1: 556cc6d19602e41a4f2f6d7651ca05004d508d00 SHA256: 625ea5f7a2a8ae9e486b5bfd912c11e9ab8f28ba040f2e6c3615287b6283aefd SSDeep: 24:bn/JlhVpkqKwjexYH8msGTnya28RBNqCZoGBFwtx/l4S2MFRp+uY:tZpkqVxFBNqzGWx/l4S2MFRRY |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.56 KB |
MD5:
ab942da4a446aea61cc7fc57f2fb7849
SHA1: 438879a9502d97e73ecacab10d3ebab4fa0c3e77 SHA256: c2555e0db5a7313f872e8490e2e031270826a69745ec3043c514ada8335f220f SSDeep: 24:SUzn/IaB74Cg03CPPgrLqg5ss3Idut5Y2+3sHYPCg4SYWRXjBWe27TmHWSdRp+uS:SPeJmPgrLn5Y2WRXl2W9dRRC/ |
|
|
| C:\BOOTSECT.BAK.id-9C354B42.[Decisivekey@tutanota.com].AUF | 8.25 KB |
MD5:
74ed685f31870465c11e21a636a14e87
SHA1: 61d9f0c2a9698233556e9f295e4879673363e6d2 SHA256: 7019e62a6e501ade19d556794811c72e8149870058e2365fab5776a5940365da SSDeep: 192:IFNBxUw6IAeCDZnJNLz46T17x0eBepZnQKPKpTqDz42aSBr8M4y5a0R2:IFN36ILCDZJNHPTF+eBohKpSzyKrQy5M |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | 2.35 MB |
MD5:
e4bae88e56b1f20a40d8b0f3fcff753b
SHA1: e98842e8a3212ac74a184155195824c40195199f SHA256: 279f9fcd7d10c0008611007076d5d499339f7e4001ee239749097c9eb3340a01 SSDeep: 24576:nzyc0opacbhmgk5gHL7a35AyjQgz9vzBA4rdeNjiku5OVeCw83Dr8XWA0FjC32Ja:R0opH/cgHa3HRxz+4goA/wkn89gjY2aX |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.03 KB |
MD5:
75d66490befe1864b9bbbe87b246927c
SHA1: 5dbce99167c929051108687c138a75787ab4ef19 SHA256: 257e2de222beb0ae62bbb7952b94da706df3d99c98f88e9590175481f4d1666c SSDeep: 24:Nbw893hrHRKZCemTRsI2HZUx+Yxic1nN88UIRdBZLY0kRp+uQn:Nbw4sZzmlzx+6G0TLYTRRQ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.27 KB |
MD5:
2cc7cc983b71c6a4631fc4134d036ee0
SHA1: 2d29613dfccd763f2381bead04d5ef76b9956098 SHA256: ec7d51326329881c07951f41bd2ff30f2cb4b2f9f109870c12a30f42b12e0d54 SSDeep: 24:udTRMzx75GE1P9QUTzB4YVcYh8xvJ+372UrjWf3GgPfNI5/N+goDURp+uM:0lMzxNXQAz3j8xRi72UC3FPV6LjRRM |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 10.00 MB |
MD5:
42ac6eff5aa1dad153cb32ec3d616e43
SHA1: 8d8693b1d4aa27f2f48345e6f2e760c5f205d163 SHA256: b8984acb419b90aab0f7fd9addaa90b10847e75aeaabfde74fc133085adf3455 SSDeep: 196608:Yu6eDsIwHBL4B9lCzT2bOgcDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:WqsIwHNB26gVE7e/7JNMM5RTU+ |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.10 MB |
MD5:
783e08eb15e1f1f815c144f034eafe10
SHA1: e55b444758c64cb3bf71870947a4ab3aba2a03b9 SHA256: 61dd12ee9de9bbdd897d8e4ba3b32f7cca359e5b801e3713b3a62ac1c644512c SSDeep: 49152:AeFNMMFrwnbddIOxFOSOwPFhbYRjfIDPHLoBTv5oJBB47q5Fqcip3lbDv+8u+:zDMUwxyODPFhbY12HLodiF4+5rip3dp |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 9.51 KB |
MD5:
97ad7f91c2dffb8751b30d95e9fea80e
SHA1: 1581a8818179fd1a3f6cf00704e45e34afee5610 SHA256: 3c0ba75072e253df13264af2f51267ecc25d26034518f69ad62328780e0897d0 SSDeep: 192:2JhlDpbRu0aEkBprSi/cjniJt7nzU82CcAl7eqKnxKFCI6an3E2:2vBaZp7/c2Jt7z/2CcAwbMi2E2 |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.14 KB |
MD5:
db605a25f6e036b575bacc09b4d01e26
SHA1: 413dc0b67dfb436180ef1383afb3a99051631b8c SHA256: 79f8bf8bf55e8edcd08c01a7eb46e87321acc1435eaf765d00086a1536c5f635 SSDeep: 24:PZ0AxYCv/bRG2Rezp5MQXklu6LKwe3jCQPnJeRHvRp+uC/:PZXxxv9G2RS55P6ebW6JeVRRC/ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.81 KB |
MD5:
fde484c4db88244db44df0fcfb77e64f
SHA1: d5967784e8b309a4b08f60119af8462e622a686c SHA256: 50953976b85f86766347ac535febbd3eb3f199b1a44ec5f30301210ea0a320cb SSDeep: 48:NBNOzrSb/XBZ4+g3zrjGE4sJQbM8uq3zJRR8:N7OzrOXg3zrjG/sJQb9XVRi |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 4.42 KB |
MD5:
d91b6b90f43baa0b6a08c1b062b17ee9
SHA1: 5c93d9c8e2ffc38acb43f747f9f27ff4c0048da1 SHA256: 338556512cf7578f1444ed4a7f856cb2bdd77a1d175a6992b1bd98d9e9f4e7d4 SSDeep: 96:2tCBaBpomIS8EU1ahUcBpDt9aY4/RpTAmPIcYwyGwHHcGtqusRi:2aavoLeU1aRBpDtUvA3cYwyGwHHr0uMi |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.66 KB |
MD5:
4d6f3ac9d4d80441feeccbdd4883bd07
SHA1: 5a00b3de0840853baebaac8245b80978e6666b29 SHA256: 25868a26ec996d85b10eb2b6c42f740dd3409abfc2e733f86db4de5c1f348d41 SSDeep: 24:+Juwl/XC1kEQNDYcWLo9CTCRP/b4ZHxHs7u05uYJHJ7bZjUYtefHRp+ua:FOC1kErLo9MYji+u0UYf95te/RRa |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.60 KB |
MD5:
31caf4a16f805480b88c90e6a6a5fdff
SHA1: be01c346d941aed01b3b4ef2177708fd68bf298b SHA256: 62719441ce214da0a051589e1b20412e7119e3ff2a3e55f6e1b1c995ab73ace6 SSDeep: 48:CSXtSeQLsJt2esJymqpxkByNJ23mXl1erRRu:f9AsJt2esJdqpx4cdGRI |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 16.52 KB |
MD5:
3312dd311589764992d96f85bf572443
SHA1: 1a4287fa696ff7f9fe720be2f07826437a311d52 SHA256: 241e5d5c9787ab1d8ef007770ec60ae380db2683a1299591914a4f0aa3377253 SSDeep: 384:H3RxiDRlSTR0j8wnvz2BGD4TB0ZVqHsKe3uBpe4TRjk:XRxiDqTR90rTDKB0rqHsKeefE |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.66 KB |
MD5:
4006762eda8fcf9652a970a3d537cabb
SHA1: 6966bdacf6ecbf93be0156811608d49988fe8cc5 SHA256: 4c2d73efcdc097611fee9ef467e5954745918f51ed2cde12cb3d8eec9b5542df SSDeep: 48:c7z4ac3CrHQ5vjyjgi5c7fzeuRdJtA1D6YhgfPeT+RRY:c7zV8ow5vcgisfzltAmXfvRe |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | 3.14 MB |
MD5:
0fd3cf594c6ddc5a07e48cfc04fa2cab
SHA1: 2572a9addeaec5e4cb40f18cf85bb44247a2232a SHA256: 89a3fb1bb129cd8f4c0fa6dcce0f633f9079bee5e22259f5066050b0c7493411 SSDeep: 24576:zxnP6WBzkm83xgDBo8o93HmJP9VB5bxQrzVDFJdjHs5wuofLfdky20ytJytLm6JB:zDxL8QBo6Tex4S120ytJyDrRHndZZEYZ |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[Decisivekey@tutanota.com].AUF | 26.79 KB |
MD5:
ee6d88d173e6cf11720a8b595613fe3e
SHA1: 9ca915f9fa7f3fbd0c52f53ed72d61daf428b0e3 SHA256: 9965f67274187a2ef8131f719a9eec476c0698f9319f56d0fd5728c204a2d155 SSDeep: 768:6j3fjREGXE7Wal0oujQlYP0NXi9vZ3KZ7Y+:wfNE+0WwXKQlC0NXKv5KpY+ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 1.44 KB |
MD5:
0b3128bac23568d731e0a449064e75f0
SHA1: 653b9d6ecc4730ab65b05c90d4beaa29c988358e SHA256: a29b9abf1a548127af866238699cd4027c0ffc16fb659d8346e3ba25b244dd73 SSDeep: 24:SqmyEfmIsI+9cXrhZSpnCOVRXsG6oK0a5VH2wEhmA1hdfDdsrRp+uu:eFmIg9uAnCO8R0a5UwSVfxwRRu |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | 10.00 MB |
MD5:
0132354deb06c352353675fce278a129
SHA1: 82f447263c0d4d83d398af15034413083edcbc35 SHA256: 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | 5.67 KB |
MD5:
e51fb235f0c871c45bc2ab3516e0877d
SHA1: 3046adeb22ac9ca5c2001de4a2ee22baf3585584 SHA256: 20cdf444f8845f19b1894b1296a17b53a4902d2397dab3ebcc572c8d02bd023e SSDeep: 96:H3d/DtGzsUNx/JDTu+1n8o23TS/qthGQ9A0Ibv+1beKS9PVBuArKxBynpv600HUk:H3dJnYvusn8Vw2Wv+1LS9NItBQxz0rrp |
|
|
Host Behavior
File (5132)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\winhost.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG1 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG2 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\memtest.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\memtest.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\adojavas.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Services\verisign.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\System\ado\adojavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\pagefile.sys | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Write | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 144 |
|
1 | |
| Write | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 15072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1696 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml | size = 31104 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 786688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1952 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2640 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 242 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 596352 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2304 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | size = 1856 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 71248 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 226 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 26944 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 27200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 67200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 37696 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4288 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2000 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1616 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 246 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4208 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1392 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 242 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2368 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6432 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | size = 16688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1472 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 816 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1472 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 16864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6256 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9504 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 20592 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1616 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2432 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 786690 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 31104 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1808 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 39024 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 228 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1856 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 656 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 227312 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1584 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | size = 25248 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 134864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 34928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2192 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 19792 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 20640 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | size = 786694 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 33024 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1936 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 27408 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | size = 3488 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2992 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 31840 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 960 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 32608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 29936 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2048 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1376 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 20384 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1296 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 20576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 28608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1296 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 33280 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3968 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 25120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 32416 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 26416 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 32448 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 43280 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 60736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5136 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 18832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | size = 2736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 33568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | size = 5184 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 19488 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1664 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1248 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 44864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 18416 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 48128 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 37456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1600 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 21760 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1344 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1376 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1392 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1440 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 37120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 19568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1680 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 15744 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3984 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 16752 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 11584 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 53120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4112 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1424 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 47968 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 944 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 31984 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 29312 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 27184 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 21824 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2528 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1744 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG | size = 3616 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 34176 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 33488 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 18384 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 44304 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4992 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 42464 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1584 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2672 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 30176 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 334432 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 228 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 72032 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 58032 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 945008 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1680 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 123968 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 416928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 109728 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 19536 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 169648 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 720 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 252 |
|
1 | |
| Write | C:\Program Files\desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 176 |
|
1 | |
| Write | C:\Program Files\desktop.ini.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\System\msadc\adcjavas.inc | size = 174448 |
|
1 | |
| Write | C:\Program Files\Common Files\System\msadc\adcjavas.inc | size = 226 |
|
1 | |
| Write | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv | size = 415024 |
|
1 | |
| Write | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL | size = 786692 |
|
1 | |
| Write | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 99152 |
|
1 | |
| Write | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 17264 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 228 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 18752 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 28976 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 34080 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 32160 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 39520 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 228 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 30960 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7232 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 14880 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 29792 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8112 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6688 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7696 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 528 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 512 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 11904 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3488 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 12704 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2608 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 15312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 12496 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 10608 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 13264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8592 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4896 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5376 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4400 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3968 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3136 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3392 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4736 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 20592 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5696 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 14432 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3360 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7088 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 10848 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 64112 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1840 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 26336 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7984 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 27872 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3760 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5840 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 543312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5328 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7376 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7552 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6640 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2112 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2352 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1600 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2768 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6064 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3424 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6640 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2640 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4624 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7680 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8496 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7808 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2032 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7808 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2496 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3232 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3360 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4816 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4304 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 26896 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4880 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 28960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 11648 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 22528 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 16192 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 16128 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 16688 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 26752 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4928 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4080 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 24336 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 48000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 40208 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 47792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 14544 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 20560 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 13520 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 20192 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 17248 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 20464 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 12992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 15744 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 24784 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9712 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8784 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 14496 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 18320 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 11072 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 254 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7968 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 176320 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7664 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 31120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 38784 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 264112 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 994192 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 228 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9824 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 10160 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1472 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 896 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1712 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 12528 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1520 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8080 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 629680 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 321408 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4000 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 14448 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6816 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1552 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4720 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 12496 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2560 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1744 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5760 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 606064 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2656 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 712608 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3792 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7872 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4176 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 816 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 13104 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 27056 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 9600 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 11504 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 27568 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 6272 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 19488 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3776 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 786690 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 262144 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4416 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 320400 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 241040 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT | size = 4032 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1344 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1456 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7984 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2384 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1056 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 438192 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5280 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3360 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 228 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 29008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1920 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2176 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1392 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 323952 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 302992 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 73088 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 280464 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 209440 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 228 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 12800 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00200_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3120 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00200_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 8368 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00224_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1600 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00224_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 5584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00438_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1216 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00438_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00442_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2496 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00442_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2064 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3536 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00445_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3808 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00445_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00453_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2448 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00453_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00444_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3904 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00444_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1680 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01603_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 7184 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01603_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01635_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 15008 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01635_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01080_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2736 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01080_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 1728 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01637_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3952 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01637_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01638_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 10544 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01638_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 4240 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CG1606.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3568 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CG1606.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 430096 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 3504 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui | size = 1888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 2272 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF.id-9C354B42.[Decisivekey@tutanota.com].AUF | size = 228 |
|
1 | |
| Delete | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | - |
|
1 | |
|
For performance reasons, the remaining 3901 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (8)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 83, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | value_name = winhost.exe, data = C:\Windows\System32\winhost.exe, size = 62, type = REG_SZ |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x124, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 |
Module (135)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x773b0000 |
|
1 | |
| Load | advapi32.dll | base_address = 0x76f90000 |
|
1 | |
| Load | user32.dll | base_address = 0x771d0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x75cc0000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77a40000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74a50000 |
|
1 | |
| Load | ws2_32.dll | base_address = 0x77300000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x773b0000 |
|
16 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\winhost.exe, size = 32767 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x773c1222 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleW, address_out = 0x773c34b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x773c54ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x773c4442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileW, address_out = 0x773d9af0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x773c59e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x773c4950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x773c1b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x773c7a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x773c5223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameW, address_out = 0x773cdd0e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameA, address_out = 0x773db6e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexW, address_out = 0x773c424c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenW, address_out = 0x773c1700 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x773c5a4b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x773c1809 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x773c1136 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x773c5371 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x773c110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x773c89b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x773c170d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x773c1916 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x773c10ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77a62270 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x773c3ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x773c3f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenMutexW, address_out = 0x773c5151 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x77a622b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x773c4220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiW, address_out = 0x773dd5cd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiA, address_out = 0x773c3e8e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77a745f5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseMutex, address_out = 0x773c111e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x773c1410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x773c4467 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x773c34d5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsW, address_out = 0x773c4173 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x773c1725 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceFrequency, address_out = 0x773c41f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x773c11f8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x773dd4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVolumeInformationW, address_out = 0x773dc860 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x773c1282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x773dc807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address_out = 0x773dce2e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x773c4435 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x773c14e9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address_out = 0x77a81f6e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x77a6e026 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x773c14c9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreatePipe, address_out = 0x7744415b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetHandleInformation, address_out = 0x773d195c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x773c103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringW, address_out = 0x773c3bca |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringA, address_out = 0x773c3c5a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenProcess, address_out = 0x773c1986 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address_out = 0x773dd802 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTime, address_out = 0x773c5a96 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SystemTimeToFileTime, address_out = 0x773c5a7e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x773c11c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x773e735f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32NextW, address_out = 0x773e896c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32FirstW, address_out = 0x773e8baf |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x76fa468d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address_out = 0x76fa46ad |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x76fa14d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x76fa469d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x76fa4304 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetTokenInformation, address_out = 0x76fa431c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenSCManagerW, address_out = 0x76f9ca64 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenServiceW, address_out = 0x76f9ca4c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CloseServiceHandle, address_out = 0x76fa369c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ControlService, address_out = 0x76fb7144 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = QueryServiceStatus, address_out = 0x76fa2a86 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EnumDependentServicesW, address_out = 0x76f91e3a |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EnumServicesStatusExW, address_out = 0x76f9b466 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = SystemParametersInfoW, address_out = 0x771e90d3 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteExW, address_out = 0x75ce1e46 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address_out = 0x77a5fda0 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74a52dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74a52f06 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74a53058 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSAStartup, address_out = 0x77303ab2 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = socket, address_out = 0x77303eb8 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = send, address_out = 0x77306f01 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = recv, address_out = 0x77306b0e |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = connect, address_out = 0x77306bdd |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = closesocket, address_out = 0x77303918 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = gethostbyname, address_out = 0x77317673 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = inet_addr, address_out = 0x7730311b |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = ntohl, address_out = 0x77302d57 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = htonl, address_out = 0x77302d57 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = htons, address_out = 0x77302d8b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x773dd650 |
|
16 |
Service (75)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (241)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
24 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
8 | |
| Get Time | type = Ticks, time = 265248 |
|
3 | |
| Get Time | type = Ticks, time = 265763 |
|
2 | |
| Get Time | type = Ticks, time = 265903 |
|
2 | |
| Get Time | type = Ticks, time = 266075 |
|
2 | |
| Get Time | type = Ticks, time = 266309 |
|
2 | |
| Get Time | type = Ticks, time = 266543 |
|
2 | |
| Get Time | type = Ticks, time = 266668 |
|
2 | |
| Get Time | type = Ticks, time = 266777 |
|
4 | |
| Get Time | type = Ticks, time = 266886 |
|
2 | |
| Get Time | type = Ticks, time = 267073 |
|
2 | |
| Get Time | type = Ticks, time = 267526 |
|
2 | |
| Get Time | type = Ticks, time = 267697 |
|
2 | |
| Get Time | type = Ticks, time = 267869 |
|
4 | |
| Get Time | type = Ticks, time = 268025 |
|
2 | |
| Get Time | type = Ticks, time = 268259 |
|
2 | |
| Get Time | type = Ticks, time = 268368 |
|
2 | |
| Get Time | type = Ticks, time = 268477 |
|
2 | |
| Get Time | type = Ticks, time = 268586 |
|
2 | |
| Get Time | type = Ticks, time = 268696 |
|
2 | |
| Get Time | type = Ticks, time = 268805 |
|
2 | |
| Get Time | type = Ticks, time = 268914 |
|
4 | |
| Get Time | type = Ticks, time = 269023 |
|
2 | |
| Get Time | type = Ticks, time = 269132 |
|
2 | |
| Get Time | type = Ticks, time = 269242 |
|
2 | |
| Get Time | type = Ticks, time = 269351 |
|
2 | |
| Get Time | type = Ticks, time = 269460 |
|
2 | |
| Get Time | type = Ticks, time = 269600 |
|
2 | |
| Get Time | type = Ticks, time = 269741 |
|
2 | |
| Get Time | type = Ticks, time = 270053 |
|
4 | |
| Get Time | type = Ticks, time = 270256 |
|
2 | |
| Get Time | type = Ticks, time = 270396 |
|
2 | |
| Get Time | type = Ticks, time = 270786 |
|
2 | |
| Get Time | type = Ticks, time = 271129 |
|
4 | |
| Get Time | type = Ticks, time = 271285 |
|
2 | |
| Get Time | type = Ticks, time = 271613 |
|
2 | |
| Get Time | type = Ticks, time = 271831 |
|
2 | |
| Get Time | type = Ticks, time = 272237 |
|
4 | |
| Get Time | type = Ticks, time = 272533 |
|
2 | |
| Get Time | type = Ticks, time = 272767 |
|
2 | |
| Get Time | type = Ticks, time = 272986 |
|
2 | |
| Get Time | type = Ticks, time = 273298 |
|
4 | |
| Get Time | type = Ticks, time = 273563 |
|
2 | |
| Get Time | type = Ticks, time = 273984 |
|
2 | |
| Get Time | type = Ticks, time = 274296 |
|
2 | |
| Get Time | type = Ticks, time = 274873 |
|
4 | |
| Get Time | type = Ticks, time = 275092 |
|
2 | |
| Get Time | type = Ticks, time = 275466 |
|
2 | |
| Get Time | type = Ticks, time = 275778 |
|
2 | |
| Get Time | type = Ticks, time = 276043 |
|
2 | |
| Get Time | type = Ticks, time = 276059 |
|
2 | |
| Get Time | type = Ticks, time = 276293 |
|
2 | |
| Get Time | type = Ticks, time = 276839 |
|
2 | |
| Get Time | type = Ticks, time = 277229 |
|
4 | |
| Get Time | type = Ticks, time = 277494 |
|
2 | |
| Get Time | type = Ticks, time = 277759 |
|
2 | |
| Get Time | type = Ticks, time = 278243 |
|
4 | |
| Get Time | type = Ticks, time = 278524 |
|
2 | |
| Get Time | type = Ticks, time = 278664 |
|
2 | |
| Get Time | type = Ticks, time = 278836 |
|
2 | |
| Get Time | type = Ticks, time = 279070 |
|
2 | |
| Get Time | type = Ticks, time = 279319 |
|
4 | |
| Get Time | type = Ticks, time = 279584 |
|
2 | |
| Get Time | type = Ticks, time = 279740 |
|
2 | |
| Get Time | type = Ticks, time = 280286 |
|
2 | |
| Get Time | type = Ticks, time = 280411 |
|
4 | |
| Get Time | type = Ticks, time = 280567 |
|
2 | |
| Get Time | type = Ticks, time = 280754 |
|
2 | |
| Get Time | type = Ticks, time = 280926 |
|
2 | |
| Get Time | type = Ticks, time = 281223 |
|
2 | |
| Get Time | type = Ticks, time = 281332 |
|
2 | |
| Get Time | type = Ticks, time = 281472 |
|
4 | |
| Get Time | type = Ticks, time = 281815 |
|
2 | |
| Get Time | type = Ticks, time = 281925 |
|
2 | |
| Get Time | type = Ticks, time = 282065 |
|
2 | |
| Get Time | type = Ticks, time = 282174 |
|
2 | |
| Get Time | type = Ticks, time = 282283 |
|
2 | |
| Get Time | type = Ticks, time = 282455 |
|
2 | |
| Get Time | type = Ticks, time = 282658 |
|
4 | |
| Get Time | type = Ticks, time = 282783 |
|
2 | |
| Get Time | type = Ticks, time = 283235 |
|
2 | |
| Get Time | type = Ticks, time = 283578 |
|
2 | |
| Get Time | type = Ticks, time = 284077 |
|
4 | |
| Get Time | type = Ticks, time = 284389 |
|
2 | |
| Get Time | type = Ticks, time = 284935 |
|
2 | |
| Get Time | type = Ticks, time = 285263 |
|
4 | |
| Get Time | type = Ticks, time = 285700 |
|
2 | |
| Get Info | type = Operating System |
|
2 |
Mutex (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\syncronize_V59QH4A |
|
1 | |
| Create | mutex_name = Global\syncronize_V59QH4U |
|
1 | |
| Open | mutex_name = Global\syncronize_V59QH4A, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\syncronize_V59QH4U, desired_access = SYNCHRONIZE |
|
1 |
Process #3: cmd.exe
245
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:22, Reason: Child Process |
| Unmonitor | End Time: 00:03:46, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x124 |
| Parent PID | 0x67c (c:\users\5p5nrgjn0js halpmcxz\desktop\winhost.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6B8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x0016ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00170000 | 0x001d6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0030ffff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x00310000 | 0x00320fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x005e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x00770fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000780000 | 0x00780000 | 0x01b7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001b80000 | 0x01b80000 | 0x01ec2fff | Pagefile Backed Memory | r |
|
|
|
- |
| basebrd.dll | 0x01ed0000 | 0x01f97fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000001fa0000 | 0x01fa0000 | 0x02392fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x023a0000 | 0x0266efff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x4a610000 | 0x4a668fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77640000 | 0x77739fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77740000 | 0x7785efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77860000 | 0x77a08fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fffc000 | 0x7fffc000 | 0x7fffcfff | Private Memory | rw |
|
|
|
- |
| winbrand.dll | 0x7fef44b0000 | 0x7fef44b7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd900000 | 0x7fefd96afff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdb80000 | 0x7fefdc48fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefdd30000 | 0x7fefdd3dfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefdd40000 | 0x7fefdd6dfff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefed10000 | 0x7fefed76fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefed80000 | 0x7fefee88fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feffa80000 | 0x7feffb1efff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feffb80000 | 0x7feffb80fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (182)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
11 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
5 | |
| Open | STD_OUTPUT_HANDLE | - |
|
25 | |
| Open | STD_INPUT_HANDLE | - |
|
69 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 1 |
|
60 | |
| Write | STD_OUTPUT_HANDLE | size = 36 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 63 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (4)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\mode.com | os_pid = 0x814, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\vssadmin.exe | os_pid = 0x894, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | C:\Windows\system32\mode.com | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\Windows\system32\vssadmin.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Memory (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\Windows\system32\mode.com | address = 0x7fffffda000, size = 896 |
|
1 | |
| Read | C:\Windows\system32\vssadmin.exe | address = 0x7fffffdf000, size = 896 |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NTDLL.DLL | base_address = 0x77860000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x4a610000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77740000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77756d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x777523d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77748290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x777517e0 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x778b14a0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-01-19 11:55:51 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 265716 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (25)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
8 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
3 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
2 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: mode.com
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\mode.com |
| Command Line | mode con cp select=1251 |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:23, Reason: Child Process |
| Unmonitor | End Time: 00:03:26, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x814 |
| Parent PID | 0x124 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
6D8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e6fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x0016ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x0026ffff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x00270000 | 0x00280fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000290000 | 0x00290000 | 0x00291fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | rw |
|
|
|
- |
| ulib.dll.mui | 0x003d0000 | 0x00407fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000540000 | 0x00540000 | 0x0054ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x006d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006e0000 | 0x006e0000 | 0x00860fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000870000 | 0x00870000 | 0x01c6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| user32.dll | 0x77640000 | 0x77739fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77740000 | 0x7785efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77860000 | 0x77a08fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| mode.com | 0xff170000 | 0xff17bfff | Memory Mapped File | rwx |
|
|
|
- |
| ureg.dll | 0x7fef9020000 | 0x7fef902bfff | Memory Mapped File | rwx |
|
|
|
- |
| ulib.dll | 0x7fef9030000 | 0x7fef9057fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7fefbf90000 | 0x7fefbfe5fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd900000 | 0x7fefd96afff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdb80000 | 0x7fefdc48fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefdd30000 | 0x7fefdd3dfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefdd40000 | 0x7fefdd6dfff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefed10000 | 0x7fefed76fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefed80000 | 0x7fefee88fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff0f0000 | 0x7feff1cafff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feff1d0000 | 0x7feff2fcfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7feff850000 | 0x7feff86efff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feffa80000 | 0x7feffb1efff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feffb80000 | 0x7feffb80fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #5: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:27, Reason: Child Process |
| Unmonitor | End Time: 00:03:46, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x894 |
| Parent PID | 0x124 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
85C
0x
854
0x
84C
0x
848
0x
844
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x000affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x000d0000 | 0x00136fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000140000 | 0x00140000 | 0x00146fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00151fff | Pagefile Backed Memory | rw |
|
|
|
- |
| vssadmin.exe.mui | 0x00160000 | 0x0016cfff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00190fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x0029ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x0039ffff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x003a0000 | 0x003b0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0044ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000450000 | 0x00450000 | 0x005d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000005e0000 | 0x005e0000 | 0x00760fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000770000 | 0x00770000 | 0x01b6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001b70000 | 0x01b70000 | 0x01beffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001ce0000 | 0x01ce0000 | 0x01d5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01e3ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x01e40000 | 0x0210efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002190000 | 0x02190000 | 0x0220ffff | Private Memory | rw |
|
|
|
- |
| user32.dll | 0x77640000 | 0x77739fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77740000 | 0x7785efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77860000 | 0x77a08fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| vssadmin.exe | 0xffb60000 | 0xffb8cfff | Memory Mapped File | rwx |
|
|
|
- |
| vsstrace.dll | 0x7fef7e80000 | 0x7fef7e96fff | Memory Mapped File | rwx |
|
|
|
- |
| vssapi.dll | 0x7fef7ea0000 | 0x7fef804ffff | Memory Mapped File | rwx |
|
|
|
- |
| vss_ps.dll | 0x7fef9000000 | 0x7fef9013fff | Memory Mapped File | rwx |
|
|
|
- |
| atl.dll | 0x7fefb260000 | 0x7fefb278fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7fefcda0000 | 0x7fefcde6fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7fefd0a0000 | 0x7fefd0b6fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7fefd6a0000 | 0x7fefd6aefff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrtremote.dll | 0x7fefd790000 | 0x7fefd7a3fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd900000 | 0x7fefd96afff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdb80000 | 0x7fefdc48fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7fefdc50000 | 0x7fefdd26fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefdd30000 | 0x7fefdd3dfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefdd40000 | 0x7fefdd6dfff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefed10000 | 0x7fefed76fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefed80000 | 0x7fefee88fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff0f0000 | 0x7feff1cafff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feff1d0000 | 0x7feff2fcfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7feff560000 | 0x7feff5f8fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7feff850000 | 0x7feff86efff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7feff870000 | 0x7feffa72fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7feffa80000 | 0x7feffb1efff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feffb80000 | 0x7feffb80fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd5000 | 0x7fffffd5000 | 0x7fffffd6fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd7000 | 0x7fffffd7000 | 0x7fffffd8fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd9000 | 0x7fffffd9000 | 0x7fffffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdb000 | 0x7fffffdb000 | 0x7fffffdcfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #10: winhost.exe
100
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\winhost.exe |
| Command Line | "C:\Windows\System32\winhost.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:12, Reason: Autostart |
| Unmonitor | End Time: 00:04:28, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:16 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x548 |
| Parent PID | 0x368 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
54C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| imm32.dll | 0x001a0000 | 0x001bdfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x0023ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x0025afff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00360000 | 0x003c6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x003dafff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | rwx |
|
|
|
- |
| winhost.exe | 0x00400000 | 0x008fbfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000900000 | 0x00900000 | 0x009bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000900000 | 0x00900000 | 0x00930fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000940000 | 0x00940000 | 0x00961fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000970000 | 0x00970000 | 0x00971fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000980000 | 0x00980000 | 0x0098ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000990000 | 0x00990000 | 0x00991fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000990000 | 0x00990000 | 0x00990fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009b0000 | 0x009b0000 | 0x009bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000009c0000 | 0x009c0000 | 0x00b47fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000b50000 | 0x00b50000 | 0x00cd0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ce0000 | 0x00ce0000 | 0x020dffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000020e0000 | 0x020e0000 | 0x024effff | Pagefile Backed Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x020e0000 | 0x023aefff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000023b0000 | 0x023b0000 | 0x024effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000023b0000 | 0x023b0000 | 0x023b1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000023c0000 | 0x023c0000 | 0x023c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000023d0000 | 0x023d0000 | 0x023d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000023e0000 | 0x023e0000 | 0x023e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000023f0000 | 0x023f0000 | 0x023f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002400000 | 0x02400000 | 0x02400fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002410000 | 0x02410000 | 0x02410fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002420000 | 0x02420000 | 0x02420fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002430000 | 0x02430000 | 0x02430fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002440000 | 0x02440000 | 0x02440fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002450000 | 0x02450000 | 0x02450fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002460000 | 0x02460000 | 0x02460fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002470000 | 0x02470000 | 0x02470fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002480000 | 0x02480000 | 0x02481fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002490000 | 0x02490000 | 0x02490fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024a0000 | 0x024a0000 | 0x024a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024b0000 | 0x024b0000 | 0x024b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024c0000 | 0x024c0000 | 0x024c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024d0000 | 0x024d0000 | 0x024d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024e0000 | 0x024e0000 | 0x024effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000024f0000 | 0x024f0000 | 0x028fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002500000 | 0x02500000 | 0x02500fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002510000 | 0x02510000 | 0x02510fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002560000 | 0x02560000 | 0x02560fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002570000 | 0x02570000 | 0x02570fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002580000 | 0x02580000 | 0x02580fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002590000 | 0x02590000 | 0x02590fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002660000 | 0x02660000 | 0x02660fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002670000 | 0x02670000 | 0x02670fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002680000 | 0x02680000 | 0x02680fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002690000 | 0x02690000 | 0x02690fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026a0000 | 0x026a0000 | 0x026a1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026b0000 | 0x026b0000 | 0x026b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026c0000 | 0x026c0000 | 0x026c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026d0000 | 0x026d0000 | 0x026d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026e0000 | 0x026e0000 | 0x027dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000027e0000 | 0x027e0000 | 0x0284ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002850000 | 0x02850000 | 0x0292efff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002930000 | 0x02930000 | 0x02a3ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x02a40000 | 0x0336ffff | Memory Mapped File | r |
|
|
|
- |
| uxtheme.dll | 0x736a0000 | 0x7371ffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x738c0000 | 0x738c7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x738d0000 | 0x7392bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x73930000 | 0x7396efff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74b70000 | 0x74b82fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x74da0000 | 0x74e23fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74e30000 | 0x74e38fff | Memory Mapped File | rwx |
|
|
|
- |
| winmm.dll | 0x74e40000 | 0x74e71fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74ea0000 | 0x74eabfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74eb0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x74fa0000 | 0x7503ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75040000 | 0x75096fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x750a0000 | 0x750a9fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75310000 | 0x753dbfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x753e0000 | 0x754cffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75500000 | 0x75545fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75590000 | 0x7569ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x758a0000 | 0x7599ffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x759e0000 | 0x75a7cfff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x75b80000 | 0x75cdbfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75cf0000 | 0x76939fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x76940000 | 0x769cffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x769d0000 | 0x76a2ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76a50000 | 0x76a68fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76d30000 | 0x76ddbfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76de0000 | 0x76e6efff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x76ed0000 | 0x76f4afff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000076f50000 | 0x76f50000 | 0x7706efff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077070000 | 0x77070000 | 0x77169fff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77170000 | 0x77318fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77350000 | 0x774cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \\.\SICE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\.\SIWVID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\.\NTICE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\system32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_SYSTEM, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\winhost.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Read | C:\Windows\system32\ntdll.dll | size = 32, size_out = 32 |
|
1 |
Registry (8)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Wine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Hardware\description\System | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 | value_name = DriverDesc, data = 83 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Hardware\description\System | value_name = SystemBiosVersion, data = 80 |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Hardware\description\System | value_name = VideoBiosVersion, data = 80 |
|
1 |
Module (47)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | USER32.dll | base_address = 0x758a0000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x74fa0000 |
|
1 | |
| Load | NTDLL.dll | base_address = 0x77350000 |
|
1 | |
| Load | winmm.dll | base_address = 0x74e40000 |
|
2 | |
| Load | NTDLL | base_address = 0x77350000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x75590000 |
|
4 | |
| Load | user32.dll | base_address = 0x758a0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x74fa0000 |
|
2 | |
| Load | oleaut32.dll | base_address = 0x76de0000 |
|
2 | |
| Load | version.dll | base_address = 0x74e30000 |
|
1 | |
| Load | gdi32.dll | base_address = 0x76940000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x74da0000 |
|
1 | |
| Load | comdlg32.dll | base_address = 0x76ed0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77350000 |
|
13 | |
| Get Filename | - | process_name = c:\windows\system32\winhost.exe, file_name_orig = C:\Windows\System32\winhost.exe, size = 256 |
|
1 | |
| Get Filename | - | process_name = c:\windows\system32\winhost.exe, file_name_orig = C:\Windows\System32\winhost.exe, size = 512 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x755b10b5 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeGetTime, address_out = 0x74e426e0 |
|
2 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtOpenThread, address_out = 0x77371128 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address_out = 0x7736fda0 |
|
4 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlAllocateHeap, address_out = 0x7737e026 |
|
2 | |
| Create Mapping | - | filename = System Paging File, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Map | - | process_name = c:\windows\system32\winhost.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (14)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = OLLYDBG |
|
1 | |
| Find | - | class_name = GBDYLLO |
|
1 | |
| Find | - | class_name = pediy06 |
|
1 | |
| Find | - | class_name = FilemonClass |
|
2 | |
| Find | File Monitor - Sysinternals: www.sysinternals.com | - |
|
2 | |
| Find | - | class_name = PROCMON_WINDOW_CLASS |
|
2 | |
| Find | Process Monitor - Sysinternals: www.sysinternals.com | - |
|
2 | |
| Find | - | class_name = RegmonClass |
|
1 | |
| Find | Registry Monitor - Sysinternals: www.sysinternals.com | - |
|
1 | |
| Find | - | class_name = 18467-41 |
|
1 |
System (17)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Get Time | type = Local Time, time = 2019-01-19 11:56:54 (Local Time) |
|
2 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = SYSTEM_MODULE_INFORMATION |
|
4 |
Debug (5)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\windows\system32\winhost.exe | - |
|
1 | |
| Check for Presence | c:\windows\system32\winhost.exe | - |
|
1 | |
| Check for Presence | c:\windows\system32\winhost.exe | - |
|
1 | |
| Hide | c:\windows\system32\winhost.exe | - |
|
1 | |
| c:\windows\system32\winhost.exe | type = DEBUG_STRING, text = %s------------------------------------------------ --- Themida Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------ |
|
1 |
Process #11: winhost.exe
100
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe |
| Command Line | "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:12, Reason: Autostart |
| Unmonitor | End Time: 00:04:28, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:16 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x558 |
| Parent PID | 0x368 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
55C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0031ffff | Private Memory | rw |
|
|
|
- |
| imm32.dll | 0x00210000 | 0x0022dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x00210fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000240000 | 0x00240000 | 0x0024afff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x0025afff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x00280fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x00290fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002c1fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x002f1fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x0031ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000320000 | 0x00320000 | 0x00321fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x00330fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x003bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | rwx |
|
|
|
- |
| winhost.exe | 0x00400000 | 0x008fbfff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000900000 | 0x00900000 | 0x00a87fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000a90000 | 0x00a90000 | 0x00a90fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00b9ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ba0000 | 0x00ba0000 | 0x00d20fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000d30000 | 0x00d30000 | 0x0212ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002130000 | 0x02130000 | 0x0253ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02130000 | 0x023fefff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002400000 | 0x02400000 | 0x0255ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002400000 | 0x02400000 | 0x02400fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002410000 | 0x02410000 | 0x02410fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002420000 | 0x02420000 | 0x02420fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002430000 | 0x02430000 | 0x02430fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002440000 | 0x02440000 | 0x02440fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002450000 | 0x02450000 | 0x02450fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002460000 | 0x02460000 | 0x02460fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002470000 | 0x02470000 | 0x02471fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002480000 | 0x02480000 | 0x02480fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002490000 | 0x02490000 | 0x02490fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024a0000 | 0x024a0000 | 0x024a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024b0000 | 0x024b0000 | 0x024b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024c0000 | 0x024c0000 | 0x024c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024d0000 | 0x024d0000 | 0x024d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024e0000 | 0x024e0000 | 0x024e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002500000 | 0x02500000 | 0x02500fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002510000 | 0x02510000 | 0x02510fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000002540000 | 0x02540000 | 0x0294ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002550000 | 0x02550000 | 0x0255ffff | Private Memory | rw |
|
|
|
- |
| winhost.exe | 0x02560000 | 0x02750fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002560000 | 0x02560000 | 0x02560fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002570000 | 0x02570000 | 0x02570fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002580000 | 0x02580000 | 0x02580fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002590000 | 0x02590000 | 0x02590fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002660000 | 0x02660000 | 0x02660fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002670000 | 0x02670000 | 0x02670fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002680000 | 0x02680000 | 0x02681fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002690000 | 0x02690000 | 0x02690fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026a0000 | 0x026a0000 | 0x026a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026b0000 | 0x026b0000 | 0x026b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026c0000 | 0x026c0000 | 0x026c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026d0000 | 0x026d0000 | 0x027cffff | Private Memory | - |
|
|
|
- |
| private_0x0000000002760000 | 0x02760000 | 0x02950fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000027d0000 | 0x027d0000 | 0x028cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000028d0000 | 0x028d0000 | 0x029aefff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000029b0000 | 0x029b0000 | 0x02bcffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x02bd0000 | 0x034fffff | Memory Mapped File | r |
|
|
|
- |
| uxtheme.dll | 0x736a0000 | 0x7371ffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x738c0000 | 0x738c7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x738d0000 | 0x7392bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x73930000 | 0x7396efff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74b70000 | 0x74b82fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x74da0000 | 0x74e23fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74e30000 | 0x74e38fff | Memory Mapped File | rwx |
|
|
|
- |
| winmm.dll | 0x74e40000 | 0x74e71fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74ea0000 | 0x74eabfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74eb0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x74fa0000 | 0x7503ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75040000 | 0x75096fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x750a0000 | 0x750a9fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75310000 | 0x753dbfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x753e0000 | 0x754cffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75500000 | 0x75545fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75590000 | 0x7569ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x758a0000 | 0x7599ffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x759e0000 | 0x75a7cfff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x75b80000 | 0x75cdbfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75cf0000 | 0x76939fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x76940000 | 0x769cffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x769d0000 | 0x76a2ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76a50000 | 0x76a68fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76d30000 | 0x76ddbfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76de0000 | 0x76e6efff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x76ed0000 | 0x76f4afff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000076f50000 | 0x76f50000 | 0x7706efff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077070000 | 0x77070000 | 0x77169fff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77170000 | 0x77318fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77350000 | 0x774cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \\.\SICE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\.\SIWVID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\.\NTICE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\system32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_SYSTEM, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Read | C:\Windows\system32\ntdll.dll | size = 32, size_out = 32 |
|
1 |
Registry (8)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Wine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Hardware\description\System | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 | value_name = DriverDesc, data = 83 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Hardware\description\System | value_name = SystemBiosVersion, data = 80 |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Hardware\description\System | value_name = VideoBiosVersion, data = 80 |
|
1 |
Module (47)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | USER32.dll | base_address = 0x758a0000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x74fa0000 |
|
1 | |
| Load | NTDLL.dll | base_address = 0x77350000 |
|
1 | |
| Load | winmm.dll | base_address = 0x74e40000 |
|
2 | |
| Load | NTDLL | base_address = 0x77350000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x75590000 |
|
4 | |
| Load | user32.dll | base_address = 0x758a0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x74fa0000 |
|
2 | |
| Load | oleaut32.dll | base_address = 0x76de0000 |
|
2 | |
| Load | version.dll | base_address = 0x74e30000 |
|
1 | |
| Load | gdi32.dll | base_address = 0x76940000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x74da0000 |
|
1 | |
| Load | comdlg32.dll | base_address = 0x76ed0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77350000 |
|
13 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe, size = 256 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe, size = 512 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x755b10b5 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeGetTime, address_out = 0x74e426e0 |
|
2 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtOpenThread, address_out = 0x77371128 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address_out = 0x7736fda0 |
|
4 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlAllocateHeap, address_out = 0x7737e026 |
|
2 | |
| Create Mapping | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Map | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (14)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = OLLYDBG |
|
1 | |
| Find | - | class_name = GBDYLLO |
|
1 | |
| Find | - | class_name = pediy06 |
|
1 | |
| Find | - | class_name = FilemonClass |
|
2 | |
| Find | File Monitor - Sysinternals: www.sysinternals.com | - |
|
2 | |
| Find | - | class_name = PROCMON_WINDOW_CLASS |
|
2 | |
| Find | Process Monitor - Sysinternals: www.sysinternals.com | - |
|
2 | |
| Find | - | class_name = RegmonClass |
|
1 | |
| Find | Registry Monitor - Sysinternals: www.sysinternals.com | - |
|
1 | |
| Find | - | class_name = 18467-41 |
|
1 |
System (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Local Time, time = 2019-01-19 11:56:54 (Local Time) |
|
1 | |
| Get Time | type = Local Time, time = 2019-01-19 11:56:56 (Local Time) |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = SYSTEM_MODULE_INFORMATION |
|
4 |
Debug (5)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe | - |
|
1 | |
| Check for Presence | c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe | - |
|
1 | |
| Check for Presence | c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe | - |
|
1 | |
| Hide | c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe | - |
|
1 | |
| c:\programdata\microsoft\windows\start menu\programs\startup\winhost.exe | type = DEBUG_STRING, text = %s------------------------------------------------ --- Themida Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------ |
|
1 |
Process #12: winhost.exe
100
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:12, Reason: Autostart |
| Unmonitor | End Time: 00:04:28, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:16 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x560 |
| Parent PID | 0x368 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
564
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0026ffff | Private Memory | rw |
|
|
|
- |
| imm32.dll | 0x00210000 | 0x0022dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x00210fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x00220fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x00230fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000240000 | 0x00240000 | 0x0024afff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x00240fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x0025afff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x00250fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0026ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000270000 | 0x00270000 | 0x0027ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000270000 | 0x00270000 | 0x00270fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x00280fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x0030ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x0034ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x00331fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x0034ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x00380fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x00391fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x003affff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003c1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003d1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | rwx |
|
|
|
- |
| winhost.exe | 0x00400000 | 0x008fbfff | Memory Mapped File | rwx |
|
|
|
|
| private_0x0000000000900000 | 0x00900000 | 0x00900fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000910000 | 0x00910000 | 0x00910fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000920000 | 0x00920000 | 0x00920fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000930000 | 0x00930000 | 0x00930fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000940000 | 0x00940000 | 0x00940fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000950000 | 0x00950000 | 0x00950fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000960000 | 0x00960000 | 0x00960fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000970000 | 0x00970000 | 0x00970fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000980000 | 0x00980000 | 0x00980fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000990000 | 0x00990000 | 0x00991fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009a0000 | 0x009a0000 | 0x009a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009b0000 | 0x009b0000 | 0x009b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009c0000 | 0x009c0000 | 0x009c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009d0000 | 0x009d0000 | 0x009d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009e0000 | 0x009e0000 | 0x009e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000009f0000 | 0x009f0000 | 0x00aeffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000af0000 | 0x00af0000 | 0x00c77fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000c80000 | 0x00c80000 | 0x00e00fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000e10000 | 0x00e10000 | 0x0220ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000002210000 | 0x02210000 | 0x0261ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02210000 | 0x024defff | Memory Mapped File | r |
|
|
|
- |
| winhost.exe | 0x024e0000 | 0x026d0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000024e0000 | 0x024e0000 | 0x024e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000024f0000 | 0x024f0000 | 0x024f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002500000 | 0x02500000 | 0x02500fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002510000 | 0x02510000 | 0x02510fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x02520fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002530000 | 0x02530000 | 0x02530fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002540000 | 0x02540000 | 0x02540fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002550000 | 0x02550000 | 0x02550fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002560000 | 0x02560000 | 0x02560fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002570000 | 0x02570000 | 0x02570fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002580000 | 0x02580000 | 0x02580fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002590000 | 0x02590000 | 0x02590fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025a0000 | 0x025a0000 | 0x025a0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025b0000 | 0x025b0000 | 0x025b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025c0000 | 0x025c0000 | 0x025c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025d0000 | 0x025d0000 | 0x025d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025e0000 | 0x025e0000 | 0x025e0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000025f0000 | 0x025f0000 | 0x025f0fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x02600fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002610000 | 0x02610000 | 0x02610fff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000002620000 | 0x02620000 | 0x02a2ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002620000 | 0x02620000 | 0x02620fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x02630fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x02640fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002650000 | 0x02650000 | 0x02650fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002660000 | 0x02660000 | 0x02660fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002670000 | 0x02670000 | 0x02670fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002680000 | 0x02680000 | 0x02680fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000002690000 | 0x02690000 | 0x02690fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026a0000 | 0x026a0000 | 0x026a1fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026b0000 | 0x026b0000 | 0x026b0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026c0000 | 0x026c0000 | 0x026c0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026d0000 | 0x026d0000 | 0x026d0fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000026e0000 | 0x026e0000 | 0x028d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000026e0000 | 0x026e0000 | 0x027dffff | Private Memory | - |
|
|
|
- |
| private_0x00000000027e0000 | 0x027e0000 | 0x0290ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000027e0000 | 0x027e0000 | 0x028befff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000028d0000 | 0x028d0000 | 0x0290ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002910000 | 0x02910000 | 0x02b1ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x02b20000 | 0x0344ffff | Memory Mapped File | r |
|
|
|
- |
| uxtheme.dll | 0x736a0000 | 0x7371ffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x738c0000 | 0x738c7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x738d0000 | 0x7392bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x73930000 | 0x7396efff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74b70000 | 0x74b82fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x74da0000 | 0x74e23fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x74e30000 | 0x74e38fff | Memory Mapped File | rwx |
|
|
|
- |
| winmm.dll | 0x74e40000 | 0x74e71fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x74ea0000 | 0x74eabfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x74eb0000 | 0x74f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x74fa0000 | 0x7503ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75040000 | 0x75096fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x750a0000 | 0x750a9fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75310000 | 0x753dbfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x753e0000 | 0x754cffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75500000 | 0x75545fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75590000 | 0x7569ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x758a0000 | 0x7599ffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x759e0000 | 0x75a7cfff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x75b80000 | 0x75cdbfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75cf0000 | 0x76939fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x76940000 | 0x769cffff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x769d0000 | 0x76a2ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x76a50000 | 0x76a68fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x76d30000 | 0x76ddbfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76de0000 | 0x76e6efff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x76ed0000 | 0x76f4afff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000076f50000 | 0x76f50000 | 0x7706efff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077070000 | 0x77070000 | 0x77169fff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77170000 | 0x77318fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77350000 | 0x774cffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | \\.\SICE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\.\SIWVID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | \\.\NTICE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Windows\system32\ntdll.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_SYSTEM, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, share_mode = FILE_SHARE_READ |
|
1 | |
| Read | C:\Windows\system32\ntdll.dll | size = 32, size_out = 32 |
|
1 |
Registry (8)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Wine | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Hardware\description\System | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 | value_name = DriverDesc, data = 83 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Hardware\description\System | value_name = SystemBiosVersion, data = 80 |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\Hardware\description\System | value_name = VideoBiosVersion, data = 80 |
|
1 |
Module (47)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | USER32.dll | base_address = 0x758a0000 |
|
1 | |
| Load | ADVAPI32.dll | base_address = 0x74fa0000 |
|
1 | |
| Load | NTDLL.dll | base_address = 0x77350000 |
|
1 | |
| Load | winmm.dll | base_address = 0x74e40000 |
|
2 | |
| Load | NTDLL | base_address = 0x77350000 |
|
1 | |
| Load | kernel32.dll | base_address = 0x75590000 |
|
4 | |
| Load | user32.dll | base_address = 0x758a0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x74fa0000 |
|
2 | |
| Load | oleaut32.dll | base_address = 0x76de0000 |
|
2 | |
| Load | version.dll | base_address = 0x74e30000 |
|
1 | |
| Load | gdi32.dll | base_address = 0x76940000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x74da0000 |
|
1 | |
| Load | comdlg32.dll | base_address = 0x76ed0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\ntdll.dll | base_address = 0x77350000 |
|
13 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe, size = 256 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe, size = 512 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x755b10b5 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeGetTime, address_out = 0x74e426e0 |
|
2 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtOpenThread, address_out = 0x77371128 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address_out = 0x7736fda0 |
|
4 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = RtlAllocateHeap, address_out = 0x7737e026 |
|
2 | |
| Create Mapping | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe, protection = PAGE_READONLY, maximum_size = 0 |
|
1 | |
| Map | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe, desired_access = FILE_MAP_READ |
|
1 |
Window (14)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Find | - | class_name = OLLYDBG |
|
1 | |
| Find | - | class_name = GBDYLLO |
|
1 | |
| Find | - | class_name = pediy06 |
|
1 | |
| Find | - | class_name = FilemonClass |
|
2 | |
| Find | File Monitor - Sysinternals: www.sysinternals.com | - |
|
2 | |
| Find | - | class_name = PROCMON_WINDOW_CLASS |
|
2 | |
| Find | Process Monitor - Sysinternals: www.sysinternals.com | - |
|
2 | |
| Find | - | class_name = RegmonClass |
|
1 | |
| Find | Registry Monitor - Sysinternals: www.sysinternals.com | - |
|
1 | |
| Find | - | class_name = 18467-41 |
|
1 |
System (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Local Time, time = 2019-01-19 11:56:54 (Local Time) |
|
1 | |
| Get Time | type = Local Time, time = 2019-01-19 11:56:57 (Local Time) |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = Operating System |
|
5 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 | |
| Get Info | type = SYSTEM_MODULE_INFORMATION |
|
4 |
Debug (5)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe | - |
|
1 | |
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe | - |
|
1 | |
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe | - |
|
1 | |
| Hide | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe | - |
|
1 | |
| c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\winhost.exe | type = DEBUG_STRING, text = %s------------------------------------------------ --- Themida Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------ |
|
1 |
