680949c3c5b4b6ffdbe297fcb15096b5d53c8480d0c53ab4dd9801d711a78f31 (SHA256)
ransom_poc.exe
Windows Exe (x86-32)
Created at 2019-01-18 15:12:00
Notifications (1/1)
Every analysis has a preconfigured maximum VM disk size for temporary changes. This limit was reached during this analysis and, as an result, the analysis was terminated prematurely.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: ransom_poc.exe
3884
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\ransom_poc.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ransom_poc.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:27, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:02, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:35 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x380 |
| Parent PID | 0x460 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
324
0x
1C4
0x
170
0x
33C
0x
7D8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000090000 | 0x00090000 | 0x00093fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x000b0000 | 0x00116fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | rw |
|
|
|
- |
| rsaenh.dll | 0x00130000 | 0x0016bfff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0034ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x004affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x0044ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004a0000 | 0x004a0000 | 0x004affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004c0000 | 0x004c0000 | 0x0053ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006b0000 | 0x006b0000 | 0x007affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007b0000 | 0x007b0000 | 0x00937fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000940000 | 0x00940000 | 0x00ac0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ad0000 | 0x00ad0000 | 0x00ccffff | Private Memory | rw |
|
|
|
- |
| ransom_poc.exe | 0x01230000 | 0x01256fff | Memory Mapped File | rwx |
|
|
|
|
| pagefile_0x0000000001260000 | 0x01260000 | 0x0265ffff | Pagefile Backed Memory | r |
|
|
|
- |
| wow64cpu.dll | 0x74f80000 | 0x74f87fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x74f90000 | 0x74febfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x74ff0000 | 0x7502efff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x75400000 | 0x7540afff | Memory Mapped File | rwx |
|
|
|
- |
| userenv.dll | 0x75410000 | 0x75426fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x75430000 | 0x7546afff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x75470000 | 0x75485fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75590000 | 0x7559bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x755a0000 | 0x755fffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75660000 | 0x7570bfff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75710000 | 0x75719fff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x75720000 | 0x7583cfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x75a60000 | 0x75a78fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75a80000 | 0x75b0ffff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x75b10000 | 0x75bfffff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x75c60000 | 0x75c6bfff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75cc0000 | 0x76909fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x76b30000 | 0x76bfbfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x76c00000 | 0x76c5ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76f90000 | 0x7702ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x771d0000 | 0x772cffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x77350000 | 0x773a6fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x773b0000 | 0x774bffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x77550000 | 0x775ecfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x775f0000 | 0x77635fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077640000 | 0x77640000 | 0x77739fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077740000 | 0x77740000 | 0x7785efff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77860000 | 0x77a08fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77a40000 | 0x77bbffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\windows\JAMES\james_flag | 0.00 KB |
MD5:
d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDeep: 3:: |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3388679973-3930757225-3770151564-1000\ef23ed436bc1ea25e8a353e8da348db5_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f | 0.05 KB |
MD5:
1ddcdb94900f6f4166fe71c5c698fca6
SHA1: 69ce46c117d5e6f347c633c9c8fdbb64f7191d05 SHA256: d2a655c7fa9ced0cc83f4cc8dbd7655da324cab5e4883b413677f4c376dded85 SSDeep: 3:/l1llAGAXl:u |
|
|
Host Behavior
File (2754)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | c:\windows\JAMES\james_flag | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | c:\windows\JAMES\james_flag | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | c:\windows\JAMES\Encrypted_Files.txt | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | c:\windows\JAMES\KeyHash | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | c:\windows\JAMES\EncryptedKey | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD.LOG1.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD.LOG2.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BOOTSTAT.DAT.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\fi-FI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\memtest.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\nb-NO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\nl-NL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pl-PL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pt-BR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pt-PT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ru-RU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\sv-SE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\tr-TR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-CN\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-HK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-TW\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.JAMES | desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create Directory | c:\windows\JAMES\ | - |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Get Info | c:\windows\JAMES\james_flag | type = file_type |
|
1 | |
| Get Info | c:\windows\JAMES\Encrypted_Files.txt | type = file_type |
|
1 | |
| Get Info | C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | type = size |
|
1 | |
| Get Info | C:\\Boot\BCD.LOG1 | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\Boot\BCD.LOG1 | type = size |
|
1 | |
| Get Info | C:\\Boot\BCD.LOG2 | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\Boot\BCD.LOG2 | type = size |
|
1 | |
| Get Info | C:\\Boot\BOOTSTAT.DAT | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\Boot\BOOTSTAT.DAT | type = size |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | type = size |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab | type = size, size_out = 0 |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | size = 2048, size_out = 129 |
|
1 | |
| Read | C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | size = 2048, size_out = 0 |
|
1 | |
| Read | C:\\Boot\BCD.LOG1 | size = 2048, size_out = 0 |
|
1 | |
| Read | C:\\Boot\BCD.LOG2 | size = 2048, size_out = 0 |
|
1 | |
| Read | C:\\Boot\BOOTSTAT.DAT | size = 2048, size_out = 2048 |
|
32 | |
| Read | C:\\Boot\BOOTSTAT.DAT | size = 2048, size_out = 0 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab | size = 2048, size_out = 2048 |
|
250 | |
| Read | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | size = 2048, size_out = 1565 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | size = 2048, size_out = 1450 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 1886 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | size = 2048, size_out = 1450 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 1608 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | size = 2048, size_out = 1800 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | size = 2048, size_out = 1347 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | size = 2048, size_out = 1457 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | size = 2048, size_out = 1458 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | size = 2048, size_out = 811 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | size = 2048, size_out = 1383 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | size = 2048, size_out = 1231 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 1852 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | size = 2048, size_out = 2048 |
|
250 | |
| Read | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | size = 2048, size_out = 2048 |
|
250 | |
| Read | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | size = 2048, size_out = 1606 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 1988 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | size = 2048, size_out = 1452 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 1872 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | size = 2048, size_out = 913 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 1452 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | size = 2048, size_out = 1857 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | size = 2048, size_out = 819 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | size = 2048, size_out = 1349 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | size = 2048, size_out = 819 |
|
1 | |
| Read | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | size = 2048, size_out = 2048 |
|
85 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | size = 2048, size_out = 360 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | size = 2048, size_out = 0 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll | size = 2048, size_out = 2048 |
|
250 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | size = 2048, size_out = 2048 |
|
1 | |
| Read | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab | size = 2048, size_out = 2048 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
1 | |
| Write | C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.JAMES | size = 144 |
|
1 | |
| Write | C:\\Boot\BOOTSTAT.DAT.JAMES | size = 2048 |
|
32 | |
| Write | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.JAMES | size = 2048 |
|
249 | |
| Write | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.JAMES | size = 2048 |
|
249 | |
| Write | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.JAMES | size = 2048 |
|
249 | |
| Write | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.JAMES | size = 2048 |
|
85 | |
| Write | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.JAMES | size = 368 |
|
1 | |
| Write | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.JAMES | size = 2048 |
|
249 | |
| Delete | C:\\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | - |
|
1 | |
| Delete | C:\\Boot\BCD.LOG1 | - |
|
1 | |
| Delete | C:\\Boot\BCD.LOG2 | - |
|
1 | |
| Delete | C:\\Boot\BOOTSTAT.DAT | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi | - |
|
1 | |
| Delete | C:\\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | worm.exe | show_window = SW_HIDE |
|
1 |
Module (7)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x773b0000 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ransom_poc.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ransom_poc.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x773c4f2b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x773c1252 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x773c4208 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x773c359f |
|
1 |
System (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Get Time | type = System Time, time = 2019-01-18 15:12:28 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 93444 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
