71506a3322b0e0bc6fc2c1a1f0ac844a82a8c3fbbfeb4e6452013b4ade7610fb (SHA256)
SauvegardeProjet.exe
Windows Exe (x86-32)
Created at 2018-10-28 08:51:00
Notifications (2/4)
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The overall sleep time of all monitored processes was truncated from "21 seconds" to "10 seconds" to reveal dormant functionality.
The operating system was rebooted during the analysis.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: sauvegardeprojet.exe
833
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:24, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:20, Reason: Self Terminated |
| Monitor Duration | 00:01:56 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x1c4 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
420
0x
7C8
0x
5D0
0x
7D8
0x
6C8
0x
704
0x
590
0x
6E8
0x
74C
0x
0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0014ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0016ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x0017ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x001affff | Private Memory | - |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001bffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x001dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x0021ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000220000 | 0x00220000 | 0x00221fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0032ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0036ffff | Private Memory | rw |
|
|
|
- |
| gdipfontcachev1.dat | 0x00370000 | 0x0038afff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000370000 | 0x00370000 | 0x00370fff | Private Memory | rw |
|
|
|
- |
| windowsshell.manifest | 0x00380000 | 0x00380fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000380000 | 0x00380000 | 0x00386fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x003cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x003d1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f1fff | Pagefile Backed Memory | r |
|
|
|
- |
| msctf.dll.mui | 0x003f0000 | 0x003f0fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000400000 | 0x00400000 | 0x0040ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x00401fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x00400fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000410000 | 0x00410000 | 0x00410fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x004affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x0054ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x006affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000700000 | 0x00700000 | 0x007fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000800000 | 0x00800000 | 0x0080ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000810000 | 0x00810000 | 0x008eefff | Pagefile Backed Memory | r |
|
|
|
- |
| mscorrc.dll | 0x008f0000 | 0x00951fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000960000 | 0x00960000 | 0x0099ffff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x00000000009a0000 | 0x009a0000 | 0x00b27fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000b30000 | 0x00b30000 | 0x00cb0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000d20000 | 0x00d20000 | 0x00d5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000da0000 | 0x00da0000 | 0x00ddffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000de0000 | 0x00de0000 | 0x00e1ffff | Private Memory | rwx |
|
|
|
- |
| segoeui.ttf | 0x00e20000 | 0x00e9efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000e40000 | 0x00e40000 | 0x00e7ffff | Private Memory | rw |
|
|
|
- |
| sauvegardeprojet.exe | 0x00ea0000 | 0x00f3bfff | Memory Mapped File | rwx |
|
|
|
|
| pagefile_0x0000000000f40000 | 0x00f40000 | 0x0233ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000023b0000 | 0x023b0000 | 0x024affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000024c0000 | 0x024c0000 | 0x024fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002510000 | 0x02510000 | 0x0254ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002550000 | 0x02550000 | 0x0454ffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x04550000 | 0x045d1fff | Memory Mapped File | r |
|
|
|
- |
| micross.ttf | 0x04550000 | 0x045effff | Memory Mapped File | r |
|
|
|
- |
| tahoma.ttf | 0x04550000 | 0x045fafff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004550000 | 0x04550000 | 0x0461ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004640000 | 0x04640000 | 0x0473ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x04740000 | 0x04a0efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004a10000 | 0x04a10000 | 0x04bbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a10000 | 0x04a10000 | 0x04b7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a70000 | 0x04a70000 | 0x04b6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004b70000 | 0x04b70000 | 0x04b7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004b80000 | 0x04b80000 | 0x04bbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004bc0000 | 0x04bc0000 | 0x04cbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004d20000 | 0x04d20000 | 0x04e1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004e20000 | 0x04e20000 | 0x04ffffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x04e20000 | 0x04fbafff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004ff0000 | 0x04ff0000 | 0x04ffffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nlp | 0x05000000 | 0x052d1fff | Memory Mapped File | r |
|
|
|
- |
| msjh.ttf | 0x052e0000 | 0x06788fff | Memory Mapped File | r |
|
|
|
- |
| msyh.ttf | 0x052e0000 | 0x067a2fff | Memory Mapped File | r |
|
|
|
- |
| malgun.ttf | 0x052e0000 | 0x05702fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000052e0000 | 0x052e0000 | 0x054f8fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000005540000 | 0x05540000 | 0x0563ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005710000 | 0x05710000 | 0x0590ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x05910000 | 0x0623ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000006240000 | 0x06240000 | 0x06632fff | Pagefile Backed Memory | r |
|
|
|
- |
| system.windows.forms.ni.dll | 0x707d0000 | 0x71427fff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x71430000 | 0x71b45fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x71b50000 | 0x724fcfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x72500000 | 0x7372afff | Memory Mapped File | rwx |
|
|
|
- |
| system.windows.forms.dll | 0x73990000 | 0x73e27fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x73c90000 | 0x73e2dfff | Memory Mapped File | rwx |
|
|
|
- |
| gdiplus.dll | 0x74150000 | 0x742dffff | Memory Mapped File | rwx |
|
|
|
- |
| system.runtime.remoting.ni.dll | 0x742e0000 | 0x743a4fff | Memory Mapped File | rwx |
|
|
|
- |
| nlssorting.dll | 0x743b0000 | 0x743c2fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x743d0000 | 0x74453fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74460000 | 0x7449afff | Memory Mapped File | rwx |
|
|
|
- |
| system.drawing.ni.dll | 0x744a0000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x74630000 | 0x74cd7fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74ce0000 | 0x74cf2fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74d00000 | 0x74d7ffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74d90000 | 0x74d97fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x74da0000 | 0x74dfbfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x74e00000 | 0x74e3efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x74e50000 | 0x74e65fff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x74e70000 | 0x74eecfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x74ef0000 | 0x750bafff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x750c0000 | 0x751b4fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x751c0000 | 0x751c8fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x751d0000 | 0x75247fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x75250000 | 0x75299fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x753a0000 | 0x753abfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x753b0000 | 0x7540ffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x75410000 | 0x754acfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x754b0000 | 0x75532fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x75540000 | 0x7569bfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x756f0000 | 0x757effff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75a20000 | 0x75b2ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75b30000 | 0x75bcffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75ce0000 | 0x75d36fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75d40000 | 0x75e0bfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75e30000 | 0x75edbfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x75f60000 | 0x75feefff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x762b0000 | 0x762c8fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x762d0000 | 0x762d9fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x76500000 | 0x7655ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x765f0000 | 0x76635fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x772d0000 | 0x773bffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x773c0000 | 0x7744ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077450000 | 0x77450000 | 0x77549fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077550000 | 0x77550000 | 0x7766efff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77850000 | 0x779cffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef40000 | 0x7ef40000 | 0x7ef4ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7ef9ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 38 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\gdipfontcachev1.dat | 106.27 KB |
MD5:
92e128dcb152d05f07faf5da64bd1c91
SHA1: 2174814ca563fc2b9679fffbf1b40bdf3ac9abec SHA256: 11437a99f5f9c0a6df09c64abc8828ad3ecd8cf4fa601340ded86b8945edff43 SSDeep: 768:i8HrbdvVyZHgTl7ho5sZWN/Ys9byFRQ+AwqGuGyZoVyOF7rrlqTIyMnm:/pVyZHgTl7h6tKR7AwqlGyZQVO1Mnm |
|
|
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe.config | type = file_attributes |
|
1 | |
| Open Mapping | - | desired_access = 12 |
|
1 |
Registry (24)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | value_name = 0, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | value_name = 0, data = IDE\DiskHD502HI_________________________________OF90____\5&37d1a386&0&0.0.0, type = REG_SZ |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SysWOW64\msiexec.exe | os_pid = 0xad4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Get Info | C:\Windows\SysWOW64\msiexec.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Thread (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Queue APC | c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | os_tid = 0x590 |
|
1 |
Memory (4)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | C:\Windows\SysWOW64\msiexec.exe | address = 0x563dbd4, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 90430412 |
|
1 | |
| Read | C:\Windows\SysWOW64\msiexec.exe | address = 0x7efde008, size = 4 |
|
1 | |
| Write | C:\Windows\SysWOW64\msiexec.exe | address = 0x7efde008, size = 4 |
|
1 | |
| Write | C:\Windows\SysWOW64\msiexec.exe | address = 0x70000, size = 118 |
|
1 |
Module (567)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | comctl32.dll | base_address = 0x743d0000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x73c90000 |
|
1 | |
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0xd00001 |
|
3 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x756f0000 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | base_address = 0xea0000 |
|
21 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | base_address = 0x743d0000 |
|
72 | |
| Get Handle | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | base_address = 0x73c90000 |
|
27 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75a20000 |
|
1 | |
| Get Handle | sbiedll.dll | base_address = 0x0 |
|
1 | |
| Get Handle | guard32.dll | base_address = 0x0 |
|
1 | |
| Get Handle | dbghelp.dll | base_address = 0x0 |
|
1 | |
| Get Handle | api_log.dll | base_address = 0x0 |
|
1 | |
| Get Handle | dir_watch.dll | base_address = 0x0 |
|
1 | |
| Get Handle | vmcheck.dll | base_address = 0x0 |
|
1 | |
| Get Handle | LOG_API.DLL | base_address = 0x0 |
|
1 | |
| Get Handle | pstorec.dll | base_address = 0x0 |
|
1 | |
| Get Filename | comctl32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe, size = 260 |
|
1 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
2 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
2 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
2 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
2 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
2 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
1 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
8 | |
| Get Filename | c:\windows\syswow64\user32.dll | file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
8 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
8 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
7 | |
| Get Filename | - | file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
7 | |
| Get Filename | - | file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
7 | |
| Get Filename | - | file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
7 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
7 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
7 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
7 | |
| Get Filename | - | file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
7 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
7 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
7 | |
| Get Filename | - | file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll, size = 2048 |
|
1 | |
| Get Filename | - | file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x778825dd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x75a3195e |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 90431120 |
|
1 | |
| Map | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, protection = PAGE_READONLY, address_out = 0x6860000 |
|
1 | |
| Map | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x4cc0000 |
|
1 | |
| Map | - | process_name = C:\Windows\SysWOW64\msiexec.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x400000 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (58)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14288942 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289102 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289182 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 197044 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 197044 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551600, new_long = 46792704 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551596, new_long = 589824 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289262 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 197040 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1943169465 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289342 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 197036 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289382 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 197042 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289422 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 197038 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289462 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 131560 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289502 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 131558 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14289542 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 328120 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14332694 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 197052 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14332758 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 197082 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14332798 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 131554 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942729877 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 14332878 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 131556 |
|
1 |
Keyboard (130)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
17 | |
| Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
38 | |
| Read | virtual_key_code = VK_MENU, result_out = 18446744073709551489 |
|
18 | |
| Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
37 | |
| Read | virtual_key_code = VK_MENU, result_out = 18446744073709551488 |
|
10 | |
| Read | virtual_key_code = VK_MENU, result_out = 0 |
|
10 |
System (10)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Cursor | x_out = 439, y_out = 647 |
|
2 | |
| Get Cursor | x_out = 757, y_out = 575 |
|
2 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
2 | |
| Sleep | duration = 41453596 milliseconds (41453.596 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 |
Debug (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | - |
|
1 | |
| Hide | c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | - |
|
1 |
Process #2: msiexec.exe
5033
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\msiexec.exe |
| Command Line | C:\Windows\SysWOW64\msiexec.exe |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:48, Reason: Child Process |
| Unmonitor | End Time: 00:02:19, Reason: Self Terminated |
| Monitor Duration | 00:00:31 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xad4 |
| Parent PID | 0x1c4 (c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B24
0x
228
0x
B30
0x
AE4
0x
4BC
0x
AD0
0x
AF0
0x
B3C
0x
BA4
0x
BB8
0x
B44
0x
B14
0x
748
0x
890
0x
B88
0x
B2C
0x
B28
0x
B40
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rwx |
|
|
|
- |
| locale.nls | 0x00090000 | 0x000f6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000100000 | 0x00100000 | 0x00106fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0013ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00116fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x0014ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000140000 | 0x00140000 | 0x00146fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x001cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d6fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e6fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001effff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x0022ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0026ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000270000 | 0x00270000 | 0x00276fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000270000 | 0x00270000 | 0x00277fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x002fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0033ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x0037ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x00428fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0049ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004a0000 | 0x004a0000 | 0x004dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004e0000 | 0x004e0000 | 0x005dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005e0000 | 0x005e0000 | 0x006fffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005e0000 | 0x005e0000 | 0x006e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005e0000 | 0x005e0000 | 0x0061ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0063ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000620000 | 0x00620000 | 0x0065ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000690000 | 0x00690000 | 0x006cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006f0000 | 0x006f0000 | 0x006fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000700000 | 0x00700000 | 0x00887fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000890000 | 0x00890000 | 0x00a10fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000a40000 | 0x00a40000 | 0x00a7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000a80000 | 0x00a80000 | 0x00abffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000aa0000 | 0x00aa0000 | 0x00adffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ae0000 | 0x00ae0000 | 0x00b1ffff | Private Memory | rw |
|
|
|
- |
| msiexec.exe | 0x00b20000 | 0x00b33fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000b40000 | 0x00b40000 | 0x01f3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001f40000 | 0x01f40000 | 0x020fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f60000 | 0x01f60000 | 0x01f9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001fb0000 | 0x01fb0000 | 0x01feffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002010000 | 0x02010000 | 0x0204ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002080000 | 0x02080000 | 0x020bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000020c0000 | 0x020c0000 | 0x020fffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02100000 | 0x023cefff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000023d0000 | 0x023d0000 | 0x027c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000027d0000 | 0x027d0000 | 0x0280ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002840000 | 0x02840000 | 0x0287ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000028b0000 | 0x028b0000 | 0x028effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000028f0000 | 0x028f0000 | 0x029f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a40000 | 0x02a40000 | 0x02a7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ac0000 | 0x02ac0000 | 0x02afffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b20000 | 0x02b20000 | 0x02b5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b60000 | 0x02b60000 | 0x02c60fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c70000 | 0x02c70000 | 0x02cf0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d60000 | 0x02d60000 | 0x02d9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002e10000 | 0x02e10000 | 0x02e4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002e50000 | 0x02e50000 | 0x02f50fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002f90000 | 0x02f90000 | 0x02fcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002fe0000 | 0x02fe0000 | 0x0301ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003040000 | 0x03040000 | 0x0307ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003080000 | 0x03080000 | 0x0317ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003180000 | 0x03180000 | 0x03280fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003300000 | 0x03300000 | 0x0333ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003340000 | 0x03340000 | 0x03440fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003450000 | 0x03450000 | 0x03550fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003560000 | 0x03560000 | 0x03660fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003670000 | 0x03670000 | 0x03770fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003780000 | 0x03780000 | 0x0397ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000039d0000 | 0x039d0000 | 0x03a0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003a70000 | 0x03a70000 | 0x03b6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003b70000 | 0x03b70000 | 0x03c70fff | Private Memory | rw |
|
|
|
- |
| kernelbase.dll.mui | 0x03c80000 | 0x03d3ffff | Memory Mapped File | rw |
|
|
|
- |
| browcli.dll | 0x73b10000 | 0x73b1cfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x73b20000 | 0x73b28fff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x73b30000 | 0x73b3afff | Memory Mapped File | rwx |
|
|
|
- |
| davclnt.dll | 0x73b40000 | 0x73b56fff | Memory Mapped File | rwx |
|
|
|
- |
| ntlanman.dll | 0x73b60000 | 0x73b73fff | Memory Mapped File | rwx |
|
|
|
- |
| winsta.dll | 0x73b80000 | 0x73ba8fff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x73e40000 | 0x73e4efff | Memory Mapped File | rwx |
|
|
|
- |
| davhlpr.dll | 0x73e60000 | 0x73e67fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x74030000 | 0x74041fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74d90000 | 0x74d97fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x74da0000 | 0x74dfbfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x74e00000 | 0x74e3efff | Memory Mapped File | rwx |
|
|
|
- |
| drprov.dll | 0x74e40000 | 0x74e47fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x753a0000 | 0x753abfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x753b0000 | 0x7540ffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x75410000 | 0x754acfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x756f0000 | 0x757effff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75a20000 | 0x75b2ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75b30000 | 0x75bcffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75ce0000 | 0x75d36fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75d40000 | 0x75e0bfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75e30000 | 0x75edbfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x762b0000 | 0x762c8fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x762d0000 | 0x762d9fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x764c0000 | 0x764f4fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x76500000 | 0x7655ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x765f0000 | 0x76635fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x76670000 | 0x772b9fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x772d0000 | 0x773bffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x773c0000 | 0x7744ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077450000 | 0x77450000 | 0x77549fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077550000 | 0x77550000 | 0x7766efff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x77820000 | 0x77825fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77850000 | 0x779cffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef86000 | 0x7ef86000 | 0x7ef88fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef89000 | 0x7ef89000 | 0x7ef8bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef8c000 | 0x7ef8c000 | 0x7ef8efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef8f000 | 0x7ef8f000 | 0x7ef91fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef92000 | 0x7ef92000 | 0x7ef94fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | 0x590 | address = 0x400000, size = 167936 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | 0x590 | address = 0x7efde008, size = 4 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | 0x590 | address = 0x70000, size = 118 |
|
1 | |
| Modify Control Flow | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\sauvegardeprojet.exe | 0x590 | os_tid = 0xb24, address = 0x80000 |
|
1 |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 6.51 KB |
MD5:
b72a98db394cdff2da756227b2d3f1d3
SHA1: 36442a3a916d6e0b6ff4761dbe94053d3baa62ea SHA256: e0464059bab7555b02f62578a885ce5537fe187ab2aa0a13e3576f48f676ab12 SSDeep: 192:06kIUGC3zDStLKr38ah0B7aep3ZdaSOnRNaNU9/uZrtQedB:060DSd0Lh63n6RNSeORvdB |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.49 KB |
MD5:
cf0f09005aab5054c106a72fb3adb77c
SHA1: e2ae286822326e9b2dea3157b81fe7b1a1db82bf SHA256: 1db7c6b150178b6a2c2e1a8edd402451febbee358a8fc92819b2d389fcba2d58 SSDeep: 24:NGms4z79pp96CqT0M6n8H0WltVQPn3zhHWUP7r4TTu3yL45A2PwyHL0FVBQAGpO6:NGK79sCeTH0WlnQPYUPIT9L45HwqLYVC |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 34.34 KB |
MD5:
5ddab25fd0fba58f6c40d6814792be70
SHA1: 622b8c70490af81d2098e9c31a2fdfea1f48578c SHA256: 5fe96e7946d0d8d0e1c938aecc9ea86a0112a22c85afca1a083a50123ead292f SSDeep: 768:x9xHBlX4ZPB3E8KLJETCC4EGLNxC64Ek77lTpYC7/ecuAT0fZ:xvHBt4ZdKLGn43L7V9k3XYU/zpwR |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
5778fbe525f5cdf44c5a7e231e8b3296
SHA1: ead6a47363d12022da6f95cf5c61541d55ec1a1d SHA256: 5f1e9891524e5c3f31dc5e961c402457c2a8b39f18e62bf231062ee11f6e7f32 SSDeep: 24:/cEIz/NsKybMHbKeYcIOEX2DGdsccimOBkLUdZaZ58rL5q2qldpWbeC0vpO+VURk:Etz1gbMeeYXzehiFhTaHf0beBcquk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 9.37 KB |
MD5:
0e645dad2744760bbfa6eebb97a8afd2
SHA1: 01856d9ea1e282e00573deb5202da95a6b32d49d SHA256: 5cd74117e414932f106769e91f8bdb056003ac9b797b9769d37d38a990f8b1bf SSDeep: 192:0Zwn41DaidCnQovhkHnifjGabAez6QjAI/B4dZ:fWH+FJfjGaEeCICdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.36 KB |
MD5:
5e59db80e3cee22a71d4c4025dcacbe1
SHA1: 138ad020e71b52870287ebb88c5bd93db4ab4eec SHA256: c9501f91e9661849eb7268f2f086c9721ad17eefbd0bf9ae32c9ab0450142e2f SSDeep: 96:u+TIMfIIhOa61JouQD3MzDCHx7gWSHFvCnsdr:u+/3t6/BQD3M60bHFDdr |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 16.70 KB |
MD5:
babd1f2d5e96f18e6a5dfdcdd5c725bf
SHA1: aaf81ba7aa8eb6d83d8daf5b8bfb95feeadb5d89 SHA256: 848d6b25df64a52c305d2250730ce39c12d3328aadf3d7d076b53c83c17bbccd SSDeep: 384:EPjDDepCwgz3wIBh7o66DpSl/pDv/CAdr:4+pCwPIT/YpSlhDvfF |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
add117809ed2b396ea168da281d0adc5
SHA1: c5e3c5d0c198a4522703e6096368826f3864d5c3 SHA256: cb7695ef1c03a1e5b4649d4545bfe2011f023e51e6c773589a18c0f280c67392 SSDeep: 24:zRlqCrHJfJh0KeraWLemxwasGbv1wQTRzheaEbxwuZee4xaw5aQjS7dFYteC5+5n:z3qChF+p1bv1QNw6ePxawdMuteJ5cquO |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 27.00 KB |
MD5:
b26ac12e65c1681392532e6b04bcbdd7
SHA1: 0922dcaddf7dace58722972555b8c8e613e38c9b SHA256: 17729fab3ebc40da841e0cc24668a66436d9665370c89a4ce935c48227395370 SSDeep: 768:ZPQAuHC9UOxj1ZVD/1qtK06vibBHwdM6XtUEP90zeyXdqKoNgZ:ZPQAuH4t3qtK0uibBHwdM69UEPidcKgU |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | 37.04 KB |
MD5:
c5d41dc21ce101e24239fefd9c7e556b
SHA1: 2c288b40f074d244165e870e1fe8761b9fca6a2f SHA256: 06ed40515af88d4084fb9be35da5049f1a55908d822ccfe9f1e8778979d4650c SSDeep: 768:6ZZGtrZZsr9ZVBDyGerx5UBrnr2utzMVdagfG63QZ:oGTZg2T5UBrnrMjG/ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe | 597.50 KB |
MD5:
ee754ea777505e2fd2870afb325f50e8
SHA1: be8724e9bd48665ae0c6eedbaf8de23e5987dc45 SHA256: 71506a3322b0e0bc6fc2c1a1f0ac844a82a8c3fbbfeb4e6452013b4ade7610fb SSDeep: 12288:td5UKfiOLkxMAgyJ/4zBSqGuKCYminksnkyr2OMnVVs4OgcwdPsc:X5LAHPDuKC8n/dCD9Zsc |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.44 KB |
MD5:
38a55d6468dacc5bbf69f3de7ed9dd9c
SHA1: 9e209b099e62286e2aa920c5e3db61629440b36a SHA256: 76f08dab75aabfb9708bc925839b922307a407f5db1e9c580842e4a7275405c2 SSDeep: 24:zKBk0ruCLcHurci4ocE3vQXyCDCTCdXmAIAPPeHd3lO4y6TeCjCpO+VUR6:b0rVcHuHoE3AC6nIAP2HDWse2Ccqu6 |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 5.67 KB |
MD5:
7ad4bfb18dbe532c6e1faf085b31bb44
SHA1: 98945c552bb0f4b76abe3159331d6c167ea85c8f SHA256: 656dcf75cc29d3ae9e61c0940bf1e600629f2f551f46b6111d2b640b542f1339 SSDeep: 96:lKrgax3y+glm5eAO63R8jNGXALJhUtlom9QQQLr9tQQS2/R9qdzubdrGS7imTHI1:l3ax3DglmUAO63R8pGehUEI0Zmg5kIxg |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.37 KB |
MD5:
7e123f170a1c4e0d7223012343d5d57a
SHA1: a7efd30a3e7c076884884665fae691503ea76998 SHA256: 4cefff60e6a8cc40794e87857979cc0278e8d2c392b9d0096a7fdd7c3f9110de SSDeep: 48:zB19BQ4OVR+yt53Tj0QyunWEeikXQXZ3wcH3dLTMsgDDqlwR/U45cquy:91vmRHtl39k+n9TMsgDDCwRM45dt |
|
|
| C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | 0.37 KB |
MD5:
762dc1684f6ee4fbccc0ab2ccc61b243
SHA1: 8dbe4f88c1f17cf416338289ee7e850e76620844 SHA256: e6cfd5c8cc0358d9933ccb42bd0f5602cdc96e8864ec8844802f42323a7b3674 SSDeep: 6:gp1IgQkLFn4YuGqlu+ZVc6WClUac2HBewYKFYdudUS8ENqY+VAtOCZZK3xnCvMV/:20SDuGp+ZV3jUacPwYKmudUSxNqY+VUk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.04 KB |
MD5:
f04b43af8991b91ebbb0f82b4037ec78
SHA1: 86c6403451a2d039dce9a7b880d8057bbafb45fc SHA256: a5264e048103bb95d4f74b7c617a431f9bd42defae37606c646a7370abdeadfd SSDeep: 48:ZZwj1Zx4j6FV5JV19gUOrSlodXYsjdbIDHXcque:aVicVjV19gDSe/KHXdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.05 KB |
MD5:
80a1f6455dd02a4946f960d44ef246c1
SHA1: 9ff420ad6a25e9dcd2c36533cebf6ad75fe753a9 SHA256: 5f415532eab5c8fa7ffadce28092f5f88dad250a3d90b84b4c80071ed596ddb7 SSDeep: 24:EhRO7WQA8Izx9Ca8/DIOj+Fuu+bqYW7KH7XRemOxYJWjIXlaRlS2MKpO+VURk:K4A8cxn8/XKFOFEmFQUaRlS29cquk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.27 KB |
MD5:
c6714d156c66d2911df66c312722b68d
SHA1: c53bea6c43bf9d53e3ea9e8982e318930cf60f4e SHA256: 9de9e6999d78899947906c2bfaeda3f19d2ddc5304ed6fc2950ecea54737ebf1 SSDeep: 24:usHLi8iT9yQUCydHH56UFgBpuJjbcrF4RqArDnDaKdFGXlpO+VURAl:3HL0ZsZ+2tbwF4RqArr2KdcVcquAl |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.60 KB |
MD5:
fe37b4230a3b06ac4512d73cdfc7d36c
SHA1: 890e0fe2ca366375fa338b794fd983abba8c2de9 SHA256: abd1f4a48451926534df9e68b690926bc81705f8e8582a0e5276827dea240561 SSDeep: 48:Bd/+/g1gnAX0kEXP0stXj1Hy9h+cXdD4QAe1e6cqu6:Bd/+ECc6pH4hx9HVdV |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.27 KB |
MD5:
7aa2cf1f1616e72c6d2bb955548f7f5e
SHA1: 57e1ff0616683b106a3cc12dc755e8338bc7eb98 SHA256: 622efa8c25e3f1ae464b53e435ba8739a9c5a801f6a3b93e33faf7e9774472b0 SSDeep: 24:bEFqGRuXCWMnUAN7eWtQvT9xdedKfRRBG3NcFUmQqt29SpO+VURAl:RGRuS1nlN7e2e9BG3iFiqxcquAl |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.48 MB |
MD5:
702d6ff89285b8dd2236b640ec15d814
SHA1: c30524cc4592f4770a853254ba0fdfaaf90caa15 SHA256: a8cb7fe25d3a684c1d8672e7e509333dce960df8397bad3163b18330a19b24af SSDeep: 49152:fHYLL/WoWLljb1R6rOSN20yRJ6F5sy0SauOGw7ov:fqLVW6vHsy02/Xv |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.14 MB |
MD5:
5b92c8dae5fee3e68c2ee2c2561e6a6e
SHA1: 5a60c2110a36c205888ecb97b68727d7a575d87d SHA256: 7304c8594ab930f2605a609e08ad97abd60b5e806f41795153c50ed87af717d2 SSDeep: 49152:zDxL8QBo6Tex4S120ytJycuW3Pci1hvWrhFFawPUQMyP:zR89j1U9cUuVbawPXP |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 865.24 KB |
MD5:
9f676d541a88a63e4c0fcfbbb6b349b0
SHA1: 02c876eb13716b8492147d492eb40318f66a5768 SHA256: f4dc955baaadeb662fc05812262582f4267d64fa27cc0c7f27a90ad115fef558 SSDeep: 24576:HUE6+CcXJ4gxRxuTge6ferywhWWdIQ50+14vl8GP:pXd9pwhtd5h1g |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[GetDataBack@fros.cc].gdb | 65.85 KB |
MD5:
3fe518f401734e00823c8cb59552c5ec
SHA1: 90d17e201db829d44de26aa36aab65c7bd02bb3e SHA256: 0bbeae761a30fe358380cc93a18ac0f2321b9f10b6448950f5ff1fc7aaa24a69 SSDeep: 1536:+hUgBnUt4lfZBgollwnWUcshGbw5FOY0jH:+ltUylfRl6WUjdzOjH |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.18 KB |
MD5:
cd8f2f1f93b18f36cbc474ab84f01a50
SHA1: f11c87f88f9f8bcb21c27c7186d3a84084f470cc SHA256: 06b7538c5ddb495d57b667037c0638cb36321d32994068736ed180bf26045225 SSDeep: 48:hFcT4j898uxieOkNcPxdBI+XKbceigvzBNcVJvm+53UiRlcque:rc8459km+Xoi4Fiv13UildZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.60 KB |
MD5:
c2f17e41c9fa73da2316e243b7f4ab69
SHA1: cbddd605ff602d674349f7eeac50c207a5bab7e9 SHA256: 42888d4e3eeda7d5524402210abd77fc40b323d77d0b9783b39b1e9f5dcde03b SSDeep: 48:uqShOUmmcalTzTRF8j7C1nmFLG19HdDBorHcDX3iDDcGcque:uqSh1ciTl11vVorHuCDDcGdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 32.48 KB |
MD5:
c12bef59ebf32652e6cb84e9a666691a
SHA1: 41956e1b76a4480d23aabe1209f683b5c901e53f SHA256: 4dd5c93bf680344866f468abe684e513c9dfc154b58ddb07c8d6a068e703103d SSDeep: 768:1n7/rlgr1DAUji8F+My/Wg92VKmomqN5c9uDJhubZ:RFgh1e8F+D6KmovTc9oja |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | 26.79 KB |
MD5:
86e7b21dc207abe878196275b4062a3a
SHA1: cbbda8fa440a52c904e7fc778ab781ddd64852b7 SHA256: 82c722f2ef548d770db00ad0bbcaf5ece7f60481fd38fdbef40f68318c2215fe SSDeep: 768:WYnugA7jCI0hA3MQ4k12QvAAivdnXUoKJ86k2t:T0CHhtFe2fAilnDgku |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 582.61 KB |
MD5:
7d9185fd5d805788ba7c2b9c6e5c7bfc
SHA1: bccc953f0f770813374837b6ee0ba29aa97fe4ca SHA256: c7769b46ec497c0ead33b3db592e4d4b553966f45e172367106de4a2c253d0a7 SSDeep: 12288:Dzydu7IKqOmVnPnynqPjb2Th/HKPAdDoo2tQOzkDGhrJa+k:3ySIKqjRDjb8NKIdDzOzuIsB |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[GetDataBack@fros.cc].gdb | 38.34 KB |
MD5:
0174138c365fe3dce525161068b201f3
SHA1: da7a810b5e22df5547655058b4e918bc44162299 SHA256: cec7790a40b742172cd327c1ea29d0195b7a3cffb810da470386d52e09662bc4 SSDeep: 768:IINFc2hMV4QYNQ3fy1YWb5O+H9Uj/Khfutyf82tCcA+jt8BnB79PmWI4yt:IKmBVS59C/6utyf8tcA+jt8pvPm9 |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 16.52 KB |
MD5:
53022c80e4d6f552717866bde0ae32f4
SHA1: fdef44902db6999a910d62e7cb88420b3ee8eeda SHA256: 428d23a6d136babc269dbdea8b032ccae11d20bada03f31a4604794af5e7c10c SSDeep: 384:tCDK+tbHcLSOkUrsVWrzPjpMASWpiHVIzbfcrcBY81ZdZ:ADK6bHc5kU8WWDVIMOrX |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.03 KB |
MD5:
ffaf6e74d43bdba72370048bf78d160c
SHA1: 5915aa5517dfae25553c3f92522f66d4572ca81e SHA256: 2d480b3d131a9183d5c05ac488695ddfd1e9a48d0b86c4011fcccd7ee0388ab3 SSDeep: 24:APavACVe09chxOj4nJFhxi2FM9OY22Lmy9ilAoGtOnpO+VUR0l:AQVe09chxOcJnxg9OY2hy9waAcquc |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.54 KB |
MD5:
ec6e614494d5d2baba425516d97ba071
SHA1: 7855a2653b0896c31186ce75cd4ed4f717bb35fb SHA256: 9d2601994cdf2fe33be87c3f279c36a3a16dd2af1ca085c02277203007c24b57 SSDeep: 48:OelpgdYGp5y8Tb0L+P/9P3HdcKbUEKnNlCCzgomYnKrgl50E7Byecque:OelpgdPoyf99bu39FJb7ByedZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.80 KB |
MD5:
c280946cf8eb45a05a1a0216aa0f972e
SHA1: b01b112dc142b8f7054c4fedd83eb7e0f7b4009c SHA256: 6ade530fe19b9cae27a1768ef8da97d512f2461068182967caee771bd6e351af SSDeep: 48:33X8KYYJ3Cy+AO6HSw6eyNTKqjqF0I2gcZrEllDtYM7CiVZb9uywX+x0PtDN2del:HMU32AO5wMNvS/2HZrcplZEM0PtDkdel |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.47 KB |
MD5:
af3dadad9a933b7a69be3fb73c6d5988
SHA1: 8ea5038a9b8f89fbec9e7febfba4dae0f63a23cd SHA256: 9bf88f9a2de455ee2317d5c3bd6366c90841186330082ff8c52e808429c3990f SSDeep: 48:X9YHSzjUUkRrneb4w84YaqJYVbxchblJP4b/3z+ZezP4yG0Ydfonckcque:X9cS3ARrU4w84YwVuhR1cieP4yG0Ydfo |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | 0.87 KB |
MD5:
2862968c37e9980e24921d7b5518c214
SHA1: 1411c49bf8a89bead36b285db235d1d3ad2904c1 SHA256: a3932e48fc3a40bbe08f2302c14dcec06aff5366e7de1190a956b6481f95177a SSDeep: 24:Mp60CBEMYhQy8dDoDiXqmKFmabQDV818rTVXygnz2pO+VURy:ipC2MYCd1fIZ8BfIcquy |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.63 KB |
MD5:
fac85c4021c4375d913332346b50c6b4
SHA1: 63fa02c9280e88ede2e84cd10143a932c56441d4 SHA256: 078abc42269e80b3a86163b478d022e65b58d22599c82c8fa9ef0d3f962327cb SSDeep: 96:H92nYWza957RGB18sBvNsYkAvysQ9wtZI3AzdK4hjAEdt:ezadcZaYk4Qqt5DaEdt |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
dbf50a87cf036cd8b53319cbb1a5a5a5
SHA1: 603bd1434f55124fb8ef7c6bf2a39ebabba31f92 SHA256: ecbd515c83a6e316227f17b0b46d92440dbbecc889baf42ef83cf4f39abf2b7c SSDeep: 48:hJxEQ+3kBUEPv3Lgg9luPcuK0AcC+AhWecque:HiXkDPv7nlpv0DCvWedZ |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.54 MB |
MD5:
2f60bc4c9f30493535406110db115725
SHA1: bc9031e55b2c9df010fbf6f36f66db7ec225adda SHA256: 9b5c5539786a65f9c1886fa0a13aad933d74afa49e3c82add08072a9021d8938 SSDeep: 98304:zDMUwxyODPFhbY12HLodiF4+5riRrlFGW:z4UwVthio4xrXGW |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.36 KB |
MD5:
612e98c48e5b0dde45ef6826c33c2a03
SHA1: df4eb98afcb9ad605d06cbf6aded917d513edaaf SHA256: a3ee6b9c9317909b56a9fe2c78e3aa5d8832d562a218540a683a5563971dc4b3 SSDeep: 96:GYDbyXampd2KYjgmMQCfjAfkjNPreWVz3rN7+Epdr:3/qRYa79jNPrx3Rdr |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.15 MB |
MD5:
f3d9896ec823b10f0655e4640b4e3ce9
SHA1: 7be2c8c6d698534b05a8e2b2615f7edd89dc7ed5 SHA256: fb7d0cfc7e76407e659470bfd1d8c454f4b6560762cb7fccb86310ddc885327d SSDeep: 49152:zDxL8QBonTex4S120ytJyIjdhquHC6dgKXb:zR89K1gKt6dgKXb |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 4.42 KB |
MD5:
389199b0c29020c44e4c5a7635c2f04e
SHA1: 63e2785f34852e2eba7e4df2cf42ebaf16cadaed SHA256: dcc50dd45964299d7dc6fe3cacaee055802bbf27fca4be1b2ee53e3533eef1e5 SSDeep: 96:R6+yIgSZlhg+YZHzzpXsmcNMFg3y17cTqwcScH6lmMZFSSNfHFdr:R6ol+Fzir8OyVFwbjbZYSNfldr |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1: f50dbea0bf05e4a4f73abb265fef52fa43db4e07 SHA256: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 SSDeep: 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.14 MB |
MD5:
a2eb48274499a833149b152fd9aa6109
SHA1: ed9407654f08e844ea5eb685e1aa6c5281592d88 SHA256: 94a447e8a3f149f2b73e474eda74b50e9ab8b028df48b129673378e0dc7b9ecb SSDeep: 49152:zDxL8QBo0Tex4S120ytJyeil1f4zfNbw/IGAp3:zR89t1msV4zftWdA5 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
94e32a48409c1edbefa89625df231f28
SHA1: 5679d61a36d71fb297b99a6303e3aa416e5a468c SHA256: 1f777e4b88438e4b292e7c4109d99968b69eb2995b60039c62bfe23280fa8f0a SSDeep: 48:xUzBIvIdkMAHpGvQ7R7HzciM+/bAecquk:mSvpMAWQNHzcI/bXd/ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.23 KB |
MD5:
87532bd649be7ea20e2ff091df8e829a
SHA1: 7c460a82ccbff89dafd9a3ede4cd86b9b396e982 SHA256: 3d37aaf907691958a45839a249d41f60dc83e996000b5b135d7f630f0a85587a SSDeep: 48:RK9Y7PA5fT1KyfEKGOJsRlt1MQuR1CRJcNzKkDHBSLYA/P3cquy:RKugT1KJKGblt1MQuRAJSGagj//dt |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.60 KB |
MD5:
85753d8b5aa841421d6170de3aeb0c25
SHA1: cd9d0c659d6080498647a4e41b007f7740e0b46f SHA256: 83662720631a5c200abafd35141c5f29c3f7aaedd8e7bdb0e1faa413a1106def SSDeep: 24:EmBUgDFQ/pHwMFamHWeS/tSFeSEonwLllnjIVv+UjQgk2lXM6HpO+VUR6:xBepHw6am2eIScSEoWr0Vv+5g1tcqu6 |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.03 KB |
MD5:
e917caa77e729aa47703bd67caa22000
SHA1: 64006bf57d5999ca8501f608186d8503d94fb9fb SHA256: 4b1cd5e9fff5c4d0d0a5b94256855822910f3bbe52bbd31e0d9665c282e8ad55 SSDeep: 24:h+cgwZ1d+T1ltWrpAJQ4LmpVNzbdqNyaLpO+VUR0l:h+cZ1Mripzsvcquc |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | 65.85 KB |
MD5:
239d011cd94d2b5375a43b2647f6c30c
SHA1: 5bc2a9e884d9cd92ab8a30964f3360ae5056e61b SHA256: 11c290afc255fd1f502e7e5a30cc03ef27e00aa8e5ecd8a3b25d80e9857be7f3 SSDeep: 1536:qHOSeHxIIavxk+B4Dp8GQivJLm8+L3ie/hMh44KHxt:qHOmIIxv4Dp3QivcxL3gAHD |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 582.61 KB |
MD5:
27c280ae20a88d6b023dcee08ab4a701
SHA1: 4a272567fbb71a1ff79023bc5920846f4b8ecb3c SHA256: 43ab1900850c94804ab361da3db5b9958a449d725dd6fdefa4fcb1f6ede46d67 SSDeep: 12288:tT6rSb8GB6Pz2jxN34ryqu9UCLHHvD5lpBE3iF1Xi16vwhjJ/FmCb:tT6rkH334mqqUCDr5pPG64xVFmCb |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
b7da4d25699d20eac31adfa694507d5a
SHA1: 2da3a9c1a33affb7c7c24eab8542f8efb178e8e8 SHA256: 66262af057ebfdbedb4bc136d62a08798dd461f020d0c96bd4b3a76f92fe47ab SSDeep: 48:U5Z3hIdWdbm2NQKkquiVL8Cy5FCftBkRwqcque:U5DIdWdb/tkqJL8DSILdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 20.33 KB |
MD5:
187f1fd1753eb3384298881bc40e06d9
SHA1: b310cd205283918e4b81653a5248a31bf2366f37 SHA256: 5f9d310e6fee8971b780860dbbd7d6323a624ca52f2daef882915ecfd5b66732 SSDeep: 384:GN4AIvHg9KxozeJwylOVyADocOJZ+OO7Ifcp/psnnuFB32/XM4i8dZ:GmtPgPeWyQ7D/On+OaCnAA/28X |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 24.89 KB |
MD5:
abd5234ad2e8b0db21f72bcf24cfc37d
SHA1: 1add5cd17d248355197bea7afdf0c0dc38184ee3 SHA256: f42accd832039c00a26d37b08700527e78b26ae2b70bb521da6350107d6a5757 SSDeep: 384:oV//N3aenJLXUHxmwyy53foVlpwuGvrTIDZYZ0zqndE3ifigrDRpmn4pZWdX:Y//N31FYJJSwu63Itlwd0mr6dZ |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 9.51 KB |
MD5:
bc184749ba51e73ea113ca3cf3e64b3f
SHA1: 4c4f01e9da1b81e41e2b5ca1b9dac330563d51d3 SHA256: 0759d338fa3256fcf54df78aabd3a28890fd700183beb42ee72f14a28116edef SSDeep: 192:09r1SWOFyJ/WkFcDWIDFYiUabv020s8qtGy/MZrtxHajAQ75eTK8dX:UOFEFcC+Yyjws8Cj+25eT1dX |
|
|
| C:\BOOTSECT.BAK.id-9C354B42.[GetDataBack@fros.cc].gdb | 8.25 KB |
MD5:
9a5042baea9eeff042a88cbb5ef43cce
SHA1: b9e11a02f17bee0d5b9f3344e7b8ccbf85c4ea57 SHA256: 4c7b7ab34392ad16198364d7f21b84001ed017bce91fc66c55e3224431b643c0 SSDeep: 192:HR5fM52vqw+uoocbeoZzUr8cO45J78m4LzgXSm6RAnzdoAvdX:xRE2vqwHo1b6Hr5eBnRAnp/vdX |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 20.33 KB |
MD5:
35d0ba60605e1ce9275c09fbb217ac39
SHA1: 48cdbb56ef8deb4c0846765829b721636f438b97 SHA256: b18d5f7e88d5a6d3b0360bef4c70e5ad02fec59e39be00d1e748e9813755ed48 SSDeep: 384:zpOl8h1oDtKzTkeHXGbtu1ZKdru90gKTnWqCoodR5js6yXC91dZ:Aah18tETkeHQtgUntDw3DyX8X |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 16.70 KB |
MD5:
126f3362d073b8bbbec1f00227df450c
SHA1: add773ba1003fca0750b251389b20b26dedccb80 SHA256: a31636d24fd7223ebedfc5f33b8c4741e8cb0a2f428e2184b8aa407a6ed99009 SSDeep: 384:V836aUfe1rKptiEQwsaR2nPLcS6XNuviotuG6WhP0MnCsssdIqfitVUleIQdr:Vo63mR2iEAaKIS6Xovi+unSP9djfic6F |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.56 KB |
MD5:
e47b564bd86263155ae1598586659512
SHA1: 9d873004081239659a90e1daf4fecd31d1e6e6a6 SHA256: a23dc97c98a5d92e3a2ffc824f223c2e778f4e1ae2177100f505ce94fdedf0cd SSDeep: 48:lXjc1pyCzM6Oun8ee+f0vcxIuTWsJeAGu3mRcquG:lozM6Ou9flTWIeAGu2RdB |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 31.32 KB |
MD5:
d46e5bdc18e03ac3cfa3b58bd182536f
SHA1: 8c07b0cb3b5c13dc804fa41033c17a815af3f93c SHA256: 0f3317b8e6d6e7a427a14bda21c8e1b83b92794380cfc925e78ec6567b56552c SSDeep: 768:Ad8koS8QFMvKYHcEqp151YmmvBnEEVI575nRpC1Z:AOksKScEW6OYI575nRpCf |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 9.37 KB |
MD5:
1431c7bd379cabb6527da12087e4d8ec
SHA1: 18bf5f73d4a10b0e670924512ec0b278fab09474 SHA256: 1ed6ea43a3802747b61afc151e7a69f4b88be2208f90efe52d1f5a3ab43a9947 SSDeep: 192:Cu5alfbnb/lqyUyAZJnd7oe7pZiKh9xz4SefQibZHuEYkk4/dZ:Z5alfbnxTnAOe7pZLhSfQibcEYr4/dZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 20.32 KB |
MD5:
b16fb27a1a7d287ef011c70d1d3b8e27
SHA1: 3c4738a5fd4c013fedc1c0356d4e6dbcf1639173 SHA256: b8883aafb8a0e68ba00e0b8af06b7dbfe120971ded0c34c5608dc42b6977d2b3 SSDeep: 384:eG7gl5VnH0mzisfO8th9gBpxkiM74WwNMda1V161sprRpga5AjZhU3y9nL74iu48:18ZNzisfbgBpxkd74Wwycu16rRpL5AVi |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 42.50 KB |
MD5:
cec0cb4878867c041e1cf75c80d4072c
SHA1: 39bdb052e39506fa7d74b486c5204d207923236b SHA256: 65db1c370f76418629950c8d1c9e4c029ca5a2c7a1bcca43b263de752bf38e24 SSDeep: 768:YuPp8MBFn0oLC96dCHIe2bweE+vM5C7/QInE4IV9QAggN321BMvtteohvnId3vs9:tnO68TilhLQiE4M97dl21Wfwv81n |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.80 KB |
MD5:
0e0ef73a33b5f2ce6fe3e0bfe0549d1b
SHA1: a71e8a2f21eb58e3fe3cbd18ad42e0c5c8e66460 SHA256: 7fba145519566eea9b61bdc4b9962140b2bbcafd598238c34e37ed22fd314408 SSDeep: 48:ZTMkvoa4VVKqTV4TtFgh2cFzy9HSiefEJScy0Mb6ItEpB0EhJ708ZVe/D0V1aAhX:ukvI2mV6/nyy9/Mcy0MdCpJ/7DMMhdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 9.51 KB |
MD5:
41537d05e0f5b0f59d0349ca14a207cc
SHA1: 57f91e7b21ce81284b5e4e966210827ebcaf9fa1 SHA256: b0b1a8cb405be62b9a04bc640bb2596d8707bff644f8d5fbcb15dad1f01e42bf SSDeep: 192:A0vTO6MrzQ9pdC/12168NhJBOVuPFOY0tbhuOQQVd5vdX:A0va64zCjz5IVEOY0t1rVPvdX |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 4.42 KB |
MD5:
5009ea9153f3ca3b986f7984f3cb04d2
SHA1: e6a78a5378cc753e76da345654dc61c94aee4e6f SHA256: 1579a8a13ff54e2bbaa7c878fe871d0ab143fc103cd7f47de3602db6c32a61cf SSDeep: 96:upkdCliFAWUVVwVVO/sQr7rbBokqsSQlFqbQGHVMfkYWjcTcSkdr:upkgl57wvOEQr7v6k8QlgdVMMYSJSkdr |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 32.07 KB |
MD5:
8c1a36aa88e261d3efb3d367b07e4867
SHA1: a6ad28ee00b3ecf63792f0ad60fbd9472f4bb963 SHA256: dc174635244201fb53fccfb18c0615072deb0f950a41242df8b157929e289942 SSDeep: 768:WI7s5xttTXQ5yFwRLj1BSOORFDK4/qiY/pwidE8aaBgaaCCFKPlO5uYpLzZ:ns7XQqiSFDK4yiY/62BfCFUs5lpx |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.90 KB |
MD5:
47fbe67fc520380b9687e1a537784ed7
SHA1: c101774345cf973ff3612e90f085a760a27299d4 SHA256: 9283268df918db43b8f09e5cd5aad97d1154c9cdc1d31fea2c4eda2379ec3339 SSDeep: 48:YQRQxlt60om9lHPQoP/1o0BEUIwsgoWzUmJ/rIe4QKSPkaCgcquy:Yro5oFojw9o678e4p1addt |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 582.61 KB |
MD5:
0ae368e7e00fcded2d84189b1d7c516e
SHA1: 4bdd91ebb8a89374d75cdd4130b0d2d6aa056f80 SHA256: dbb0a04f622959d7ee3d4146d80e74e7a0afbb35073876be0aa40a15b1f0542b SSDeep: 12288:ctyvUyoBTohW3rQbmEHBOP2VGkfqvpIUJJDv0fT+cV:pvUyoBUgEbpYuMkfqhDkb+cV |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 4.42 KB |
MD5:
923b77fbee59b12f2cb4275aaa349e16
SHA1: 080fbf743f5c824a789fc0a8d383a51713ae294b SHA256: 32573b1a034cf541fd8de9eaecf962d8977f7eea772216cace8bebb0b2e89407 SSDeep: 96:2SGi0eq/QTs53qIsw69LinAGLixTJ6cfMLsqtbdr:+i0bGIsw6LitivffKsqtdr |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 6.33 KB |
MD5:
f8f5b611e55830b180458d3c8ac43ad4
SHA1: 4355506be7c1f6ffbbb97cc9aea875379004f283 SHA256: 97e2890a611bec64c71b2fe8bc763f7ce91d2a1ca937a93027a122e303c98654 SSDeep: 192:Vk5JKWuMOE8hLVtaaIwBV8wYZZDZgwuRUmdZ:VuxDiV8wY7ZERfdZ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
3d0e1f18676626331ffefafe53b18248
SHA1: 80d370bf723a4b00b769c1a7266d63de82280ab0 SHA256: 9ceac29cec7a9772266c3c6ed68bc7f25dcb38c12c388fe9f21e58890e9cf26f SSDeep: 196608:PFNUxdiOm1j3/abCsYwFOSQo2pWDOQs4hW6s63HS:qPmN3/abtYIQoROQ93RS |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.80 KB |
MD5:
e009947c1224d51ac1934449af1fb9de
SHA1: 915082fd1c41c4497a7ad2be16fad9aac7ca5fcb SHA256: e215ab9835cc516708f726c6d71160f852ad127f1cafd9863d1ec3e6453a430f SSDeep: 48:rr16RVkG9TlPbbKIdDPwq2G3PIXBJxvaz2cque:rr868TJaaDPwq9P3z2dZ |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.60 KB |
MD5:
ce17c431da69beb8d629e607ebcb86ea
SHA1: 359974bdc861c3ba7e1ab987a1c6425d60d72755 SHA256: 893ecaadfa063b1d4b4e343fbbd1f56a2ec8baf5ca50b3e099388dd474dc49b0 SSDeep: 48:ER0Qf+syClgb8S7b9gkXuiJQtTSuA0XHRlKDhzS1K2WmVLKRk8/94OemLcque:ERYsyCl+z7byeuBFxXHX0o1gegkROemL |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 4.33 KB |
MD5:
48d6366954703db3195082d7a5361685
SHA1: a4279f4ce6b82e461fae6a0d137a3e952118e194 SHA256: f7160cab97ebca29c997dea385340c18e1bf491af84621919869a6422474a9d7 SSDeep: 96:yjeDoLYq/lqw9LAhmbFv1VL6VvnWHKXC9WEWp2fhZpI6hrggvjSBV4RdZ:yEoLYWlqw9LAhmbFvbOvn64SWEWpo3LZ |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[GetDataBack@fros.cc].gdb | 26.79 KB |
MD5:
e4ebe66cebea0e0409deb8232a766139
SHA1: 97242223b91b9e7318c61534e489a7fba314b1fa SHA256: e1ac70a7e48a7338a8321c3e30e14209862b73c2d937ec168773a0d3e9b2b0eb SSDeep: 768:nXOlMaOAOgIIOc3fvoKCgjTl29mGBRytpPX0t:+ulw3fpAMZtNE |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[GetDataBack@fros.cc].gdb | 14.94 KB |
MD5:
d431e85a68670f5a15fbd33f2f847f1a
SHA1: 4934a89540f1d09c23fb86bb697005616373bedf SHA256: 69f232c277a6b90a23b1d1c9bc78f922de313e1692d3760200f6c577d8325c6a SSDeep: 384:ZnX6GGZGsEOcObt/Zrib9H52t7684n/5Tetw/eVD/9vOQUdb:pw0kZUHI1gey2B/QQU1 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.78 KB |
MD5:
fa09cc57dc773cc1d28301104019dc75
SHA1: 5dd9e294bbe8e4fb4edcee3ea22ef78bd7bb8c3c SHA256: c37cdbb85817bfcc6786bff42bbb36c716ff06d75a70e017c180b51b8a054184 SSDeep: 48:Ro90Xc05LRoZoES1Atd+bB9JUFcM2NREQkiZheBbm4CKPcquy:QURns01DUFeNRJvhB7KPdt |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
f1f2f2442d25ed431ad4a55b30fd6744
SHA1: 4354819ea5344e88b23cf7f0566d4d11290ae96a SHA256: e768904192cc05fb5d35520fc9e2979d9b66077e34f92ff59daa8fca733b6cc7 SSDeep: 48:PXuyDhjE007iLeJMu2u5HSbUeoWDVj0u6cque:l+00UU5HCULyv6dZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
2fd91c43630e0fef2a653b23131f1db2
SHA1: 50e5332212ae1ae15dc524364bfde41c417550e7 SHA256: 9808ebfa0709b4327b977ba2e2aab12897c047ec047d70bcf7f267ccaefcc53a SSDeep: 48:fLvg/33Tq0c8ft0iIdqfp8QPtSFmkTpddJyB4ZRJJrkQk2tycquO:fLg/33+0b2iqqfbFSkkTpM8b3kPdp |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
4fb6c079967f604d4b8cdf477caf6de0
SHA1: a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63 SHA256: 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f SSDeep: 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | 69.80 KB |
MD5:
9faa87231770b373bf6273cfc4612bb3
SHA1: 5390b232787aa39535a75fc279992716ae93bf99 SHA256: a39e9b9f3c63f5f26f589697b83b32b183d0cfd978c623cba4a9db1562f2f554 SSDeep: 1536:zO9j6nUX4F59FyVl/nyi9FUYW3yezVDe5dTkrN:zONIFyzqkUHieJDup6 |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 848.75 KB |
MD5:
b8ea64d79c3ae41422173b97fe38db3f
SHA1: 7eb71e708cef87a52c6f4206583575f96d4acff5 SHA256: 6717c12a795029ea0413f905404b2ae9bef78c3602e2bc8462b952c021a53d07 SSDeep: 24576:JKynfy+y84iCTgX2kq+dCJZ82mJnrOImDptoO:Jffy8CTTgdUmIImDpl |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 4.33 KB |
MD5:
842f4c3ffaf4391d0890b48bd0acb9fb
SHA1: a505ba8da2b8a4ad8bf18f081bdec649350ce47a SHA256: 1426c8ef623f90718cbcfa2ed86b313f85d8ac2357413e1c9479d340fa95d6d2 SSDeep: 96:qOCX0WclYbGlePs2IRkGFqnUzcruYcmXH1Psfrz15y/iKm/ZOGhdZ:ReORkGF3zONtlPe/58GhdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.76 KB |
MD5:
0b647497944446d70e4ae40a2bdc818c
SHA1: 7074631d53da8766d7e0e2cddcdac4ffa781da1c SHA256: f0ceedba9b780094265d867d97e510c7ca65d25a4c7c7fa1de9318b818aba32b SSDeep: 24:lkZcyoJMhkRsOC9iUPvDBtfzRZ5OTSpVeqSytLbruv7I+PFWkfpy45zGdCAXxpOk:ll+CRvUPv9tvITSpH5eDFWkXFGDhcquc |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
92b151c898476da232dc45a4d49ecac1
SHA1: 87ac119e67359a1d78cad856d9cdbbe9f15ae12e SHA256: 86d89a4b2e0017670d4a91d9c1752ce19c6ee35c19dd57bbc643adb83551e689 SSDeep: 24:EQs+5xUZgLROl4d8bIMBPjz9HSQrk/egMHcFYVRDh/PTvqVeCspO+VURwn:Xs+3PLBd8bjz9HJzHcFYzhjqe5cquw |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.07 KB |
MD5:
ce4bc0d29af8f73412bd050ffb8411b6
SHA1: 317e6b4461b223088c620363ee0544e7e56cc5ad SHA256: 8eaae8cfcf8c876b648467fc7fedb824f6ba485c661db542a4d3a84b11ac6c26 SSDeep: 48:QinkmSiAKJp5Ig8sPYbCtMIsdgXBvQ9Tjj94sOfKAlMbE1qeDQeWT5cque:M0AUp5Ig8sg6MIsdcB+Tt4sOfKjbE1qT |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
b061b7f342b46b54d2714e3a00e91251
SHA1: facc357fc5d0ddd18171b7df3e17ef08267e40e7 SHA256: c5880de46b487b5725f5fea148b1f20578f8be1e1f63d9abdcb0dca31d1e3ada SSDeep: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+BdZK:MUvTiNhU4L7tZiTnprP0txRsBPK |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 20.39 KB |
MD5:
827ff81c7498b79fab9f435a32b30c8f
SHA1: 1790f053019eeb87388ebff907a5f34b3e842b93 SHA256: 787ebd6bf41b64830ff09313d74bcc281b3fda14a9383a51a06d10dd49e852cf SSDeep: 384:hv9eYU8RLwASAqc4SZWNWR6WkA0o3PC2MTJ0zLnMfN+xb880Tf4L7dX:xvtwASAqcYPFAv3iTJ8nuagHuZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.04 KB |
MD5:
08e482e5f21061d1d91b050ff21853e4
SHA1: 6471e47ea1a02c9f60b41d75fb6211a30ff41204 SHA256: 7ad80276d202e3402778231625dea08c13ae6c352b8c27c11a375f8b49adc5ee SSDeep: 48:j1ipLCfGk03F4APZCl5Cx9lzLTLRXF+ozldmGkAxdJcque:jCL5k014APZw5Cx9JL3R3ld0AJdZ |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
6b078cbccbab0d5edeaa1d85f11ba58a
SHA1: 66820f091ea72f244d2d2019748cbda0b7b9702d SHA256: 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 SSDeep: 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 8.76 KB |
MD5:
3d0e9755d407b4cdf9b434190d7532c1
SHA1: 0772d33ee3e44ff9e305c31c4a1921575cae3d0c SHA256: 780ce59eb4b0bf7c3c670abb96839ded24c77e5e1a8d38db994d2a1fff244a44 SSDeep: 192:lGI/8jOHE983sGIXcsxpg898aK8zAwDB22rPdX:MlevIsfy33JrPdX |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.14 KB |
MD5:
ae2e44521ec1d41632f274cdf9197a56
SHA1: bb1b635dd6fbdf3677badf694a4099f2a0af06b6 SHA256: 8f57fa23973cd8b6f27ac09bb70d643572ffabc6625fdecffd4663c1e5ed0923 SSDeep: 24:nzw8l51Xbx0PuiGNCc2OSFDU+amv0idGXeUGAoceC0L3pO+VURG:nkoLWWiYWFQ+amv5dxcerjcquG |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.16 MB |
MD5:
ad7e19a89dd09b06a3809e4357c32ec4
SHA1: 03f0a5074b060593b5ff4b5b7be9ed3fb1c11ad4 SHA256: 05ab5076fca24e4f079b937012ecbf49347cb3c1977b5c63c17645ca9bd064b1 SSDeep: 49152:zDxL8QBoSTex4S120ytJylPOekwwFeKmVAfFq:zR89r1BOe39VAfFq |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
61eb209eb1ca9d896a5792528901ef64
SHA1: 677dbfad8467408384f0d2aee7c8d74adb9d45b1 SHA256: 11ccb0a9f64fd76a8f165f5350111ace923fc3ed22d748a175ac2995beb4e85b SSDeep: 48:FfUayaMr2X3sG05IYaICm+m/kcmsFdnmMwTsHGRcque:FfUaur2X3sLnaIC3QasaKGRdZ |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.05 KB |
MD5:
4b768f90274621e1be50df3a2ca83669
SHA1: 672ee5444ac2515a462fb214ffb45283a5cfaa2a SHA256: 23ff5b317007317062e7c1e52d16cace6dc922b890585c7b5dd650aa247787b2 SSDeep: 24:rcGZ90FAXl9O/N5KFZHgjjV/W3mqwpmMQVKQS2s4YHpO+VURk:4GZ9MAQ/N5Ked/W2qKE3S2uHcquk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.76 KB |
MD5:
a9552f1e10d78b772f74d4695fb34b0c
SHA1: 2b11dd1798df147cde67e68df30fba3831683d49 SHA256: fec2c16b92761037200911b6a55a5ca6ccd7938b9a2ce72426d5de4c7015c7fa SSDeep: 48:1fl6vzlaTOBkU/5zEVZ1ws69A8HsUImcquy:L0BNwJ6K8Hrdt |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.04 KB |
MD5:
78e2c24df393ad5da5d4d8ab332590b7
SHA1: e64cde1430d7d1eb5c39f3e1ac8a6c533770801c SHA256: de66486e2c11d0c18e39156bb89b7c82b25f58135f8625b145470ffabd3ad4ac SSDeep: 48:0naq7kxZEiY3XxuzAa6ZarFN06YZW0xIcoy9VGVF1o4InMI0m+cque:6aqonErEnFN0hMyOVFK4EMI5+dZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.07 KB |
MD5:
34f410c3b3f68aa5088586bc624e6c00
SHA1: 02f0aae311721734dc2d74394089a1f88179123a SHA256: 9bc22b75d5ef7de0d3d3e1edc451c872062732277d9325cd1199ef2915f70ff3 SSDeep: 48:8TWZ5A0XcjoD+G4SXph4yFa/9X4+iv9Cecque:YEjRSGfX0jJ4xCedZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.05 KB |
MD5:
d62e46cac6447441beeca198cecf8b5f
SHA1: 71569d99f54fcffa4973a812404e8340a769e0ef SHA256: bd330866dd2157c8110b3ce9ceb520ffecb6579584292bf48c1818eeeb99495f SSDeep: 24:Zz2WwAX3MIWt7TN+qLDg6R4EzAJnWS2MIpO+VURk:Zz2dIWtoqLDLwf2zcquk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.18 KB |
MD5:
eb09c38e63ed1c0f6b5933c556ed3a71
SHA1: 249df73bfc9d150173b65f3a89ac1288819dcd3b SHA256: 7af659d8b6967f43508182bfaedec13cf8acc008b43962aaf90eda6885a66acc SSDeep: 48:8xEkVD96ykyOUyQnO3c6IhAcCc9e+Lck7CCudvUKdzyccque:Wh5LOh/rig2Edv5ycdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.13 KB |
MD5:
6dfe81d0a1bd4125b80dea520c5bb06b
SHA1: 68fd871466b20f51daf6b7093188afa9299d3078 SHA256: 2f0c975655f190cee05d176aff150b586a00c1fe9ae179f66e829ad210b10126 SSDeep: 48:F/8dv727i4OH/erQz3X0LoI3F/K+bxsqakp6cquI:F/Mvqi4OH0Qz0kYKs/akYdD |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | 26.54 KB |
MD5:
ffb15959e8b91a778d532d28647f3259
SHA1: 45117a244d158e074e09f98988115b0644559c6c SHA256: d8f9b2a1fae676e94a2eb9d7f5fdf1e6cdc508888625e35ca6ff1ca4c51aedcc SSDeep: 768:mfRMO+S87tDYk3XrDoI5/F1PqDXlnmqHxnXt:mZX+SKRPrP5t1PqDXQqHx9 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.66 KB |
MD5:
5ccd8638b77ad6d48aecfd3980ef5c6d
SHA1: 00f042687d354ec672306a166d5d7f24d9650a7d SHA256: f6cc81b275ed42a2142d3dceae0824cf12452325102a3dd17c91845a5ca1b525 SSDeep: 48:25Q7aZ2yL0ffg2xbVEIA/TYtuOtuVA3A5SAcquw:2C77m0fg2RpsTY0Oq3dr |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.65 KB |
MD5:
d32f3b1b1e482f073413f5a3803ae109
SHA1: f3d1f6e37984dfdb90c242dfed8eac2f1ad7c981 SHA256: b149a95be490bd80233ce9dc05d2789a345817f026960b259187e36d208e8aba SSDeep: 48:FG9qSPHzJgL3t8sgfNvhPlpzdlU1G3A6c+Rcque:o9qUHaL2sqhPnTU1z5EdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 30.60 KB |
MD5:
4a29bb48de07290f6cab155eb4b1e5f9
SHA1: 2989d1b4b268bce556b12cc4519a14e90bcfd4c3 SHA256: 55cb59c46c88629ba2f114785ef7c69b2e1ef05fbf9fa17a02b3d4c22aa31752 SSDeep: 768:CgNk43KKAU5lMhYcazS4d6V9fbWICCWMX:BVfAUfM9aPIV9DW5Cz |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.65 KB |
MD5:
e607a2d10d754dbb541f153898d98211
SHA1: 412a9575446fd701c4df0d690d6eca432ef1a68f SHA256: 918095c44b16af046903a0acbed4677ffab174acefcc07cdd2976118ef883f54 SSDeep: 48:/cPE0K8ixhS+IFlQfp2h/0EyKhHpvUbEjecque:EP0IFCy/hyKhHpcbEjedZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.85 KB |
MD5:
538614f550b980c284c6669bf3858aba
SHA1: 23ab97799f2b36336290968f3f04a2504cf927b5 SHA256: a274240aeca93ae8ff2566383d0168ec06556c9c9645195bbb580579ebe19029 SSDeep: 48:tYJJrTvC7CTRgZQ8NV+IUudAhwMjhH+AVfLC4ZfsJ3Vk8Jb20/saEqwcquI:AnvTTSbNuudA2MTVZqO89j/qqwdD |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 8.60 KB |
MD5:
aa318c381fa72266e85ef282b3826bd2
SHA1: 6c6d3c447d507bf4042eccb9571e3851e6fec770 SHA256: fc5e5d5b2b59556c9ce07ea76eb7edbcf4f20e7bb365e123cb82361480cc6ef6 SSDeep: 192:AjKVfQCsEjAQklmG55BZ9mfHCmr1yMUantloXYfKi6sVudv:AjKV4C5Km0vmJLnuvi6sYdv |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[GetDataBack@fros.cc].gdb | 222.21 KB |
MD5:
b8831c518f8c20254fd788959cb8fc1e
SHA1: ab12818fb1bdb5e56136cd1931283f58dcb7f821 SHA256: beba736d047fa83c5be6835f4a75f8cc0a575f78eb5bc269a86781117e21a149 SSDeep: 6144:wcPiXL/5zUdvdJOrsEw9qOwSS9r1QDNt+65oeLF3ZTRwE:wDL/5UJdJzBq7SkiDLaqzVwE |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
42ac6eff5aa1dad153cb32ec3d616e43
SHA1: 8d8693b1d4aa27f2f48345e6f2e760c5f205d163 SHA256: b8984acb419b90aab0f7fd9addaa90b10847e75aeaabfde74fc133085adf3455 SSDeep: 196608:Yu6eDsIwHBL4B9lCzT2bOgcDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:WqsIwHNB26gVE7e/7JNMM5RTU+ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.49 KB |
MD5:
394652636720bdb84361d57020596c91
SHA1: 18c2a4342268444fc57465472c3593a40bc7a8d3 SHA256: 9d8576b53aeeb31bedbd7c037772da1fe8b7d4919478a281c090a58f77141ef6 SSDeep: 24:GjQpLxIxWvFjoslSAVdGB63uFIHHAmTpcEc+6bs8qwd2nka9Mkf+pO+VURy:PtkPAVddqsHAmTpcEc+6AVwcnXWcquy |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 19.56 KB |
MD5:
524db953ef17048e9408e98a959687dd
SHA1: a12c5dfec86176525662523a6bbf3e5787757ba0 SHA256: fe5e452c60d71c518a247c2d82bb7b50d508bde09b8826c8b37b2a42a58e3cfd SSDeep: 384:mRBa6DK5e8bfwyP782MJRSAF5j+ZBlpdd6keABywow2Kdi2rNRk0dX:mRBax5e0oL4U6pD/eYE2hRk0Z |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 6.51 KB |
MD5:
850ddc2b40828d963687b5fde20d766b
SHA1: a0ba4855e6b91a0c7514d13b7f2c7dc50dbe70eb SHA256: 34a5708954179841dd679f72b48ecb24dfeaf7ee2e545d73614f45203e01319e SSDeep: 96:sJZthqYpT09mgMY6GDaBfdPUFrXemgD+71hSfJ7ZSPZpcVtqjro0Fue5bxg36c9I:chHumgcYU+pYxABqtqjro8ueM6frdB |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 6.33 KB |
MD5:
3fc7d0b68452a4b37782f3b6ab9557cd
SHA1: bf89bf16181b18e1107f7d9c867d40a39e6c532e SHA256: 88ef946defbb25cef440973f7c2e8803f350fb06ecad549486b2b50c3a4bfd4c SSDeep: 96:CKa3F36fEOWMOS+/OCTVzqkwMMNuLoT0Io/odtgdziEsBL4vIwi0dDOxnSFszZGM:YQxCTVmItEAl/oPMzVvRdD0ETgrXRdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.07 KB |
MD5:
4f8590e2e1c4064f2fefe9a7ba32c163
SHA1: 6af5506eb96c3f88c71a837236b2214d16390dfb SHA256: 943cf13e488e6c162fb1778cced1eeae790be0f60a7607611ab87981f0addb83 SSDeep: 48:xTBM6lbPlMgDjgZY4aRMAjvxr5FHTUaXIPcque:xS6lbOJZSaA9rjUaXIPdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.14 KB |
MD5:
828c9571f0389f5b9426476e1d1aeaa3
SHA1: f35a0ecd18568c69680720580514d16153d956df SHA256: 43b23bcb8dc028158d59a1b4b197eb108cc311fb3b7c7797adf2d96e5b953e35 SSDeep: 24:wz3c5hi5Nh24xXCh4ljDz3erARIoCNIq344t57bQof0yFhXppO+VURG:wbcm5Nhjx5ljurAOxo4LbQ2hZcquG |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.81 KB |
MD5:
402a3fca6731e2017fc0f3a1600a38aa
SHA1: da8cdc7d66e483b762e0a21ea1b0008bec32241f SHA256: c9f446e723b4767c5abca00bed9b2e1bab45f2fa7cdaeabd0d5ef3efbff48113 SSDeep: 48:JWVVQmwJxJK9zVxiRdljK2EMR7v6i4zcquw:8VnpgZj73Ru9zdr |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 5.67 KB |
MD5:
6f4ad769646ae10ffe8f3c4dc204a94f
SHA1: b4776d380ef3e3a5df58a9e3ef5bc98e71745338 SHA256: 2ca1a305353cd8d48dd4f0e8d066547f3e52c8af19f5869128cced941756fe92 SSDeep: 96:oLO1IGDA9Omb3uJqZg0+D0AKMNHly5mmZAUqyGBZD3/eVlV1Fbvmf/hz25htydB:7RD0Omb3uJqZ3+c5rGBx3g1JO0MdB |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.54 KB |
MD5:
7cbdb5f3c040a177ac97ebc2ad2a5028
SHA1: b18c22df3714c225ee57b17905b2dc8d2355dd99 SHA256: efb4ee9e9e1ea1080b7dfb2051a7c5f52b5f31f94a6b312c4cb1c408f39907f1 SSDeep: 48:fnKQrUK8JDxvhgi9Zy9KBTeKMQy5/S7vKZqt3SdIpQxRSjb2CclXfZ5cque:fntUKkDxvhMYBTeKMQbKZqti0qXlXfZV |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.44 KB |
MD5:
c6562faea915b0ca18fa5ccb1df8dc30
SHA1: fa3f46c87e3229249ba82940ece0ec82925cbf2b SHA256: 1bea1acd02c6c1c0d7ab6fe93b1b364a686e99b46213ceff51540dd9f6881e24 SSDeep: 24:VUaQhUmfs49G82OEHCgKkplewPUyAcAUYFh7mhX4UpO+VUR6:VUaQhUmfV2OEiLocDcAUAeIUcqu6 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 16.52 KB |
MD5:
c52bbcc8d099c0069a0f1b9bec87b5e4
SHA1: e68d7ffbe50787a6ad893e2a36683bd43a4d71ab SHA256: edf84735c42d4b852eec35202d3735d403c5e990e4fd856a362e21f0a5af936f SSDeep: 384:8sb644zolo9VUcw6cx5HAtyvTsF90JVNRyWa7y++v395p8cEdZ:8sB7lo8ciHAMT+90DNFa5+vF8NX |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.17 KB |
MD5:
545e981e71ddf629d7af3cd39b767000
SHA1: fad60f4f02b5d3c42bafaef6bd77df86e046eb76 SHA256: 3efbcaa669dcf1bfaec81596841f94bf91f244ccd36fa0c5aef352beecaaafa0 SSDeep: 24:HptmOJQzbK9u80PnzffMWJPTxh+WR3nlIuSUswhmY+1unlpO+VURy:sz1TnLfMWJbx5RlIZUsxY+1ulcquy |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.15 KB |
MD5:
ff490be8e26833379d182bda7e447ce7
SHA1: 15aca0361f39aebeb719db0efa657fbbbc480e49 SHA256: bff99c858febd2d0d2140c4f2d849855e18a54d6c0386db365a2f29f3d05dc17 SSDeep: 96:SR8i9VQy1ub7p/H5ix/GfoFG2+JJJe2kSdt:mHR83p/HS+osldt |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 30.60 KB |
MD5:
eee054a5d427e2ca16e3a92f2f7eca13
SHA1: d6adb301690d2db9732ab480904e25e0b6665fb2 SHA256: 79a7d6475554b87363d489a85c5cc50319980ee65f56f298382b48ea50b364dc SSDeep: 768:Ypy5d6jlnkkM1bYxjecEXnL5NhGXaBAtoTnKlaX:F6lnLEcxjextDGXaBAto+ls |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.99 KB |
MD5:
75e365f002c25d62c1f50d0a12ca4703
SHA1: debeb83ff545b27209d9c989f540ae2eb04ad27d SHA256: 11260f718eb431d66f798f87814ca3ad8206e6562e5233f31e841ca8d948f5da SSDeep: 48:SmdeHnz35BXDYRpRrUWk1C9fqcM9UGRcquy:SmdeT35BXD6pxsIQPdt |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.81 KB |
MD5:
d990e6d7ca6553e67ce45a782f344ed5
SHA1: 2fa14a5c96c0bad38ce0a13de10a208653a2170e SHA256: 57f26587844905c7f8515cfaaa5ef09ecfde2995feb763c6cf56ecbff613fce6 SSDeep: 48:mLVIdCxWbD3xofWl0jioD6GkOtKYOmLI0hirOLSeseqcquw:mLVED3xofm0mm62OEhikSJdr |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.99 KB |
MD5:
bc43e934850e727d61a4b0a87cd8895d
SHA1: ed4908e15bbca98cd6f92320b2e3485681ab7b28 SHA256: 4e4ed9db96cbc87eaa7279a0acabb374a545f0041b50c46f0649786599aa2075 SSDeep: 48:Nn1O9NvCwtyBwN6CLQlnzR9/JrZvhj7J4shuehcquy:3kNawtCwkTB/dPp9dt |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.47 KB |
MD5:
f0be608a7a07e1d5edc2e9cc22e3d574
SHA1: abde0c3c743732be97cd024edbf5c03422944392 SHA256: 2ea32cca1cc16105a35ccc8f619738a1f6efc2952fc29ecb1ce52404a9d9a631 SSDeep: 48:7xghNwzG6qopFhTh/MxVhVh0CLpT2MH+bnRHu+iDiZfOb3Br+cque:emXWxVHhVFKM8U+imZiRr+dZ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.55 KB |
MD5:
6ddaef1bc60677fb18a1edc036ba4cab
SHA1: 1ff060748cb95c2c3a1f9b4e656603294953a951 SHA256: 77a355d5ad7eebe60df195e2079e3d5883898f4be4e077d85661a96f63e58df2 SSDeep: 48:EDTiRKVn5X15mPS6V3SbbigC7fH9Bcque:unLF6V3IQBdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 5.97 KB |
MD5:
28343a78ce194e04bd28309e9850bcb7
SHA1: 48fd39c5eec1835d25cd1913a3cd5df7761a0a15 SHA256: 30b57afbca044c1512c3acc125f5fa3d325d22905eb80665cf9a6bf11e901cb9 SSDeep: 96:f+kbuECwIxTt31cfDoT7jcEvS/PEVTMrK5wCxi5cjiBy5fg/cGKke4Y5gVR8B2wy:f+kCEvIxTHAo34AsPENMKwuOYgWk5Ysf |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[GetDataBack@fros.cc].gdb | 11.43 KB |
MD5:
bf706aaf9a18fcf93971a7e6c2bd9f9e
SHA1: 335ccc805c2face8728904750d00884ceac11385 SHA256: 294e5cd4cda04f5d076b399ed28e9ffca7d47d01864c57d24fbd41e52c75dc76 SSDeep: 192:16KrcbkRUgwej4ycJamFxvI6OcPA2MeAmc+RWSjIAPprugCu8+Gy3mx6Kpdt:16KK5Ry6POcPU5mc+0S8MprFt3mx6KpD |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.76 KB |
MD5:
a0bb777d2e54069770dbab7fd7ed6239
SHA1: f43b4b80eff36a16362f294f688215647695c787 SHA256: 949f57f165d6176a3529b000155cc899f9f38fc9926224c7dfaeb54f44550ea7 SSDeep: 48:oJgRNsiu5G5/miOL9E/wGswid8hNeXrg/tlg+e1cquc:oJgHu5G5uiORUwwimTecllgPdX |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.55 KB |
MD5:
6ca6da9bd4a3ab7762051e643a34bc56
SHA1: d6426b66ef3a7d687b6b6010f13fa11a9141d1b9 SHA256: 20e6c526323095a6b7b59696ec68f735f1570a1c56399fcc4b13800111cff988 SSDeep: 24:xLuSjtJd3w0NT3723xBcq1QBRe9/Iyigo3X/bp4m4nb1PUw907zlpO+VURe:USjTd3LpqjcOQB82Con/V4bqw0flcque |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 8.76 KB |
MD5:
f2b055af7f1286878a295052f2af8e81
SHA1: a4bab7c26a3e6177cbadd7bc834c862c3bb0fbd6 SHA256: 668a7a92560afc48e2343dadb35523d46fdf5c0f676ae48d96bf286ae07d03e4 SSDeep: 192:iPw3lb1dF7u9g1G23cindFMvmp39fu7uYkYEbEdSo2CzIrudX:2OFuiZ9N9dIuYBaEdSo2kIrudX |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.07 KB |
MD5:
c875e7b25fc5267b59519177e3754274
SHA1: 31d34cd9ac5f9daa974f2ee3bbc93a6094acebd9 SHA256: 90cdaee1970b84c82eafe77c2910363dd87e954be28cd1dd70c89665357c3abd SSDeep: 48:jModBucGXBpFK3VLHHVCYLC9DvV/zqRlaHcque:wagTBpi7/Cpt/uRlaHdZ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 8.94 KB |
MD5:
3f2bc12b5d5140b3a761dc2d7d1ef061
SHA1: b7703160be70b432ad6f21aa6dfb056c7e3bf6b8 SHA256: 67492885ae314ba5cb3fbf1be5c53185691ac5a36ea19fc1ab193a5a991a596b SSDeep: 192:eZr1YTI+I1A2P7L4cda3pXcwkLq4ndlpeU0fDjgP93YDRGBnssh/DHfdZ:kZc2DL44yXch9dlpeUYjgP93YNGxsstf |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
06e69471c0bb81eb102e539f0a04490d
SHA1: e0e8dbed58bcba38c03ab546d7753d1f973df44f SHA256: b53484f0eccebe76bbdf0262097d8f747d5a05d0e569a544452eb328aada91bc SSDeep: 196608:iaDH9F7/iHXDI2CPKBUq6qMuGm9vqExoi93nnedBwzSlmKwDhANZbPhn:DDdFDX2J5uuGyCfi9uIQmlANRh |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 855.24 KB |
MD5:
61e460ecf564ceb636ef7c375f3f3378
SHA1: 6dced34b90421c3e90d4456a16de7bfb6b8859e8 SHA256: da4896fa286ae6a6cc36281b047177bfcc68a34fe5a2d4ab76e486514eb2a70e SSDeep: 24576:FULuOzYcNWaUHLqKByK0lZo5M0woxlj5y:qSIYUWaUHLqKBFIZGjwobFy |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.80 KB |
MD5:
afe952b6747c3f2ecc7aa3a7033c88cd
SHA1: bc7d0b8a8e2737d318f200e9dc9592fefb0d9c8d SHA256: 33bc7b86d42ab7a884fd31e7154a13896e35c644ea042c3b3bc959b1babd3807 SSDeep: 48:8NUfQX7rdMjxdz0gaPOylwvLAAmzBIwxcque:BfQXGdQzOylwvsAwBVxdZ |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 853.75 KB |
MD5:
6676f9cf66e9f01f03dc183ca9086533
SHA1: ad6099eb925e4f8631a89cbe45b6b25df492ea0e SHA256: dd59657f4297f3854de3aa7fc31701b589a4275e759df900e704ab2470d1599c SSDeep: 24576:rVo8HXq5/RWiNoGLXGQqrhMBj8tIPEPJO:rb65VoWj8tmwO |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 4.42 KB |
MD5:
967b5471edbcc8d0933a3f5bf16abeb1
SHA1: fc80bb1055659ec6e3b3cc632afd9f31d27d12a7 SHA256: 5b643ab0e6816188b07e25c459d07ed2240aa177075d8b2c1fad5271c35d6dc0 SSDeep: 96:SmmAF0y47fGsgIZdG1kC3H6x51gJ71FLG3Ip0QfV0XkkLZrGSnfj9dr:DmAT4TGWZKH3H6xUhF/PfVfLSfpdr |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 29.46 KB |
MD5:
0fbccf38b1e190ecc682e11430d0a3ee
SHA1: 9ca1e8186a35495a1a56683f3423260f1a29672c SHA256: 12ed9c76f16fea9b27e0ce78cd6a747358a07b64e1f7e271cfd76e687b7d81bd SSDeep: 768:+2k4GZlvp0QUDecwQ4VyRHY5J/szdyuoCFifY4e2dSeZ:+V4Kl4ecwxoqURyuo2INSK |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.56 KB |
MD5:
17ee56db0dd8b800f97029df9b42694a
SHA1: 3f6b820153273a59298c72cb5ecaea108d689626 SHA256: 4f35f75ebdb7ef444ff91373b6d840a403685d050cfe244071dbd3a4ac459148 SSDeep: 24:kbtwwqIBk1ta2PrynYwhLwW/ndDjbZd1zP2Kbvi9rV2RMUuH1F7+WSeCIpO+VURG:kzqIByenYowwdD5s9h7H1FMehcquG |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 5.97 KB |
MD5:
a9588595aff6dac1155fe15eb24269b7
SHA1: dc70ac6ea223df491d9b557671dd7768dbd75d76 SHA256: 2cd101439e5c657a6315a755957da75d9b5cad5778e8e5276568db0fb60c1ade SSDeep: 96:MkoxvYID+S2FZhFlKof/ED8S7uPGnIPySycd/6w00dmxrALMjvE7DbOYPPazQ3kV:Mxvn+SshFIo3EDv7u+n2yS9cGmxrq6E0 |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
0132354deb06c352353675fce278a129
SHA1: 82f447263c0d4d83d398af15034413083edcbc35 SHA256: 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 3.03 KB |
MD5:
57cac533146769cbaf39c9600de78716
SHA1: 092fc6b4074289c235e3062d733de95f8ad7285d SHA256: ac90e56104bd51cde1146cff9e6f2483f067448fa8300fb03d977ebb20c436e7 SSDeep: 96:JMq0PJQuDVqJ8gyAxB/US5kHG64pavvUvTOektTdt:c5DEOgyAH/n5km6YaHGadt |
|
|
| C:\Boot\BOOTSTAT.DAT.id-9C354B42.[GetDataBack@fros.cc].gdb | 64.25 KB |
MD5:
95b45ee54f808b8c4f252dbb6096e966
SHA1: 9003ef375eb85ed7ec7541c126d98f93d6db39fe SHA256: 7107eb968f9c1917994eb0e4c214341c41e75ce50dbc8aa79b8a3c3a09d72fa3 SSDeep: 1536:87Cjsdqu2wGOFCAhBzHSKKo9Uv1u5GMaon1z5nbddvFw/UbtRjlG:8GsntVCszyKWNubV1zZdd3E |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.05 KB |
MD5:
5b54cee3cf2c9f66189ce542d8fef41d
SHA1: 6abe3b3fe8cf193bfd08fff91907e0e8c793d347 SHA256: 1eedbb0cc7214909b939a7a4b32b073e3dfc2d2070cdb02cd39d238cabb668e5 SSDeep: 24:n/quzPWI3PTjdjRcGnss8AKOZlgRZ8ITeYgp3WS2s/kHpO+VURk:/3jrjhSP8Wk28kHcquk |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.13 MB |
MD5:
1b790958b7182a52f42c1b89617d30a8
SHA1: 049608317f58ff670740f1a9281814f47ee208d7 SHA256: 3eebf15148a1565b5cf6c9825e8accafe7bbdb897cc30bbd162b90471ed66ee8 SSDeep: 24576:U2taBoPIBIDUhsHwyfzTSAaUiDYRpuPp6umflq5RSh83BUWj6clXArkeS:UiCT5mwyfShjYsPp6umflq5CUBxjRteS |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.35 MB |
MD5:
222d33bd1feca6c28de9034624f47ba1
SHA1: 7d9018a7af2193db69d26304f3f1f7bb3706ccc4 SHA256: 5a0d316314bd3648d47bb6b9621a866c2c5614a1dba668bed6beb46d67d3a615 SSDeep: 49152:R0opH/cgHa3HRxz+4gAUOK1J6R1KYJEVhaZ:R0op1Har+kSjWZ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | 860.74 KB |
MD5:
27f39552fac73116ca9328c34a59c1cd
SHA1: 6eeb0aec34b5d9a9407684f8e5307b5e976d777f SHA256: 1c002e4664c8a37486363ab08ef4c8893071ca4d1d6cd3c4e7b75c60c7e84491 SSDeep: 24576:GWgmiPlc+woN/wDD/kn359ax7akJhsAqFtgEBF/D:GLmyc8/u/6p9U7XHWthBd |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | 2.12 KB |
MD5:
0e7e02bfc26834bf92bebc3b73c4de30
SHA1: 70c7e956635a0ba9339ed9b5e142f48221bbd7b8 SHA256: 1ad7a66ddc221d0d289f0aff3f85ee2fe2548137afc588b1146ca8abf8e6a3c5 SSDeep: 48:F5VYokuh+i4UV/UzuaDbYpUHxVM8OqLi9Jcquy:escyWYEIp3Xdt |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 1.88 KB |
MD5:
53170f14c73eef14a2e488e0a5dd0301
SHA1: 207c85784c5dfddb208e948c21ea136d40de2196 SHA256: 24445f321d34eff900cd5bd670680a8f1a6c402b8fbecef773457a0ebdd1237f SSDeep: 48:9QTskvuizJ6DxgMC5HOQhSX+09m3k/ycGh2oVuJ5L+OInkycquAl:isklzJ6lOOX+Em3eDLyOIRdb |
|
|
| C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | 28.17 KB |
MD5:
79f6bcf67d8a87aca91a20accb501215
SHA1: 2380b4cd92aeb6e48d7e215ab21038db7d6dad20 SHA256: 8275366e25f01e2d5c77cdcddb7ee4e9c43b6b2b23d03968dbf96d29a7bdafd9 SSDeep: 768:UrGM1yJ47jKJmtKMHHOEgkharZg82YT9Cg0Z:UK2vduz9XTQgA |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | 10.00 MB |
MD5:
052b4a3aaf24e1879297e0f1408c7662
SHA1: ccf2d2087988828f8117c27f1ec3ccaf4b5b926d SHA256: 6c23fd16b44e1eefdf52ac7ad99a1fc46a9b4b3e77c6643dd26d1ad79a2d1021 SSDeep: 196608:Vf1gRyjQR9g8YYIcjfXontQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:V1WbR9YY5AJGBZWGRz1kaza0h |
|
|
Host Behavior
File (3977)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\SauvegardeProjet.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG1 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG2 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Services\verisign.bmp | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Services\verisign.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcvbs.inc | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\System\msadc\adcvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\pagefile.sys | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\carried-announcement-endorsed.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\carried-announcement-endorsed.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | desired_access = GENERIC_WRITE |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1696 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 15072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1952 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 786688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2640 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 242 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1856 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | size = 928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2304 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 37696 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 26944 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 27200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 71248 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 226 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 9360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1392 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 242 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 4288 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1616 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2000 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2368 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 246 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 6432 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 16688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 4208 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | size = 67200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1472 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 816 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 16864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1472 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 9504 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 20592 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1616 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | size = 8736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1808 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 31104 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 11472 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 8928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2432 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 39024 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 227312 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 8576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 228 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 6256 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1856 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 656 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1584 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 25248 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 134864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 19792 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2192 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 20640 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | size = 1568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | size = 234 |
|
2 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1936 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 27408 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 33024 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | size = 2864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 34928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 43280 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 960 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 32608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2048 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3488 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 31840 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1296 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 20576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1296 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 29936 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 28608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | size = 1376 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 25120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 20384 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 32416 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
2 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 26416 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5136 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 60736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 32448 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 18832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5184 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3968 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2480 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 19488 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1248 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1664 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 44864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1392 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 48128 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1376 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 11584 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 33568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 37456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1600 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 21760 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 33280 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1680 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 19568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1424 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 16752 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1440 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3984 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 53120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 37120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 15744 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 31984 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3616 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF | size = 2608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 34176 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 944 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 29312 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF | size = 786688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 4112 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 47968 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1024 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 21824 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1744 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 33488 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 18384 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 4992 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 44304 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2528 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 19536 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1584 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 30176 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1680 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 109728 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 72032 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 42464 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 334432 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 228 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 123968 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 58032 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2672 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 169648 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 416928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 720 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 252 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 945008 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 176 |
|
1 | |
| Write | C:\Program Files\desktop.ini.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 17264 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 228 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 18752 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 228 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 28976 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 34080 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 30960 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 99152 |
|
1 | |
| Write | C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 64112 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 543312 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 254 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 176320 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 32160 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 29792 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 7664 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 31120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 994192 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 228 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 38784 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 39520 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 264112 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 629680 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 6816 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 323952 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 786690 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 321408 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 234 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 9040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 7232 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 8112 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 6688 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 438192 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 712608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 320400 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1920 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1392 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 224 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 7696 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 528 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 512 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 606064 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 14880 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 11904 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 241040 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 73088 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 302992 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 230 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3488 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll | size = 3152 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 12704 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 430096 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 12496 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 2608 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 15312 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5328 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1152 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 7584 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 4960 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 10608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 280464 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 209440 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 228 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 786692 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 262144 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 6992 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 13264 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 4896 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5376 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 5024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 8592 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 4400 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui | size = 9264 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3968 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3392 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3136 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 3040 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 4736 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.id-9C354B42.[GetDataBack@fros.cc].gdb | size = 236 |
|
1 | |
| Delete | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | - |
|
1 | |
| Delete | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | - |
|
1 | |
|
For performance reasons, the remaining 2723 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (8)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 83, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | value_name = SauvegardeProjet.exe, data = C:\Windows\System32\SauvegardeProjet.exe, size = 80, type = REG_SZ |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb50, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 |
Module (139)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75a20000 |
|
2 | |
| Load | KERNEL32.dll | base_address = 0x75a20000 |
|
1 | |
| Load | NTDLL | base_address = 0x77850000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x75b30000 |
|
1 | |
| Load | user32.dll | base_address = 0x756f0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x76670000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77850000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74030000 |
|
1 | |
| Load | ws2_32.dll | base_address = 0x764c0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75a20000 |
|
16 | |
| Get Filename | - | process_name = c:\windows\syswow64\msiexec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\SauvegardeProjet.exe, size = 32767 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75a31222 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleW, address_out = 0x75a334b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x75a354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x75a34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileW, address_out = 0x75a49af0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x75a359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x75a34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x75a31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75a37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x75a35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameW, address_out = 0x75a3dd0e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameA, address_out = 0x75a4b6e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexW, address_out = 0x75a3424c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenW, address_out = 0x75a31700 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x75a35a4b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x75a31809 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x75a31136 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x75a35371 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x75a3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x75a389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x75a3170d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x75a31916 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x75a310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77872270 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75a33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x75a33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenMutexW, address_out = 0x75a35151 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x778722b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x75a34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiW, address_out = 0x75a4d5cd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiA, address_out = 0x75a33e8e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x778845f5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseMutex, address_out = 0x75a3111e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75a31410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x75a34467 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75a334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsW, address_out = 0x75a34173 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x75a31725 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceFrequency, address_out = 0x75a341f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x75a311f8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x75a4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVolumeInformationW, address_out = 0x75a4c860 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75a31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x75a4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address_out = 0x75a4ce2e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x75a34435 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x75a314e9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address_out = 0x77891f6e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x7787e026 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x75a314c9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreatePipe, address_out = 0x75ab415b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetHandleInformation, address_out = 0x75a4195c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x75a3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringW, address_out = 0x75a33bca |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringA, address_out = 0x75a33c5a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenProcess, address_out = 0x75a31986 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address_out = 0x75a4d802 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTime, address_out = 0x75a35a96 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SystemTimeToFileTime, address_out = 0x75a35a7e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x75a311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x75a5735f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32NextW, address_out = 0x75a5896c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32FirstW, address_out = 0x75a58baf |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x75b4468d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address_out = 0x75b446ad |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x75b414d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x75b4469d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x75b44304 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetTokenInformation, address_out = 0x75b4431c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenSCManagerW, address_out = 0x75b3ca64 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenServiceW, address_out = 0x75b3ca4c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CloseServiceHandle, address_out = 0x75b4369c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ControlService, address_out = 0x75b57144 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = QueryServiceStatus, address_out = 0x75b42a86 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EnumDependentServicesW, address_out = 0x75b31e3a |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EnumServicesStatusExW, address_out = 0x75b3b466 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = SystemParametersInfoW, address_out = 0x757090d3 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteExW, address_out = 0x76691e46 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address_out = 0x7786fda0 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74032dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74032f06 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74033058 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSAStartup, address_out = 0x764c3ab2 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = socket, address_out = 0x764c3eb8 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = send, address_out = 0x764c6f01 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = recv, address_out = 0x764c6b0e |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = connect, address_out = 0x764c6bdd |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = closesocket, address_out = 0x764c3918 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = gethostbyname, address_out = 0x764d7673 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = inet_addr, address_out = 0x764c311b |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = ntohl, address_out = 0x764c2d57 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = htonl, address_out = 0x764c2d57 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = htons, address_out = 0x764c2d8b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x75a4d650 |
|
16 |
Service (78)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
3 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
3 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
8 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
8 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
3 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
8 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (256)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
25 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
21 | |
| Get Time | type = Ticks, time = 172412 |
|
3 | |
| Get Time | type = Ticks, time = 172927 |
|
1 | |
| Get Time | type = Ticks, time = 173051 |
|
1 | |
| Get Time | type = Ticks, time = 173114 |
|
1 | |
| Get Time | type = Ticks, time = 173161 |
|
1 | |
| Get Time | type = Ticks, time = 173270 |
|
1 | |
| Get Time | type = Ticks, time = 173301 |
|
1 | |
| Get Time | type = Ticks, time = 173426 |
|
1 | |
| Get Time | type = Ticks, time = 173457 |
|
1 | |
| Get Time | type = Ticks, time = 173582 |
|
1 | |
| Get Time | type = Ticks, time = 173644 |
|
1 | |
| Get Time | type = Ticks, time = 173691 |
|
1 | |
| Get Time | type = Ticks, time = 173878 |
|
1 | |
| Get Time | type = Ticks, time = 173909 |
|
1 | |
| Get Time | type = Ticks, time = 174097 |
|
3 | |
| Get Time | type = Ticks, time = 174502 |
|
3 | |
| Get Time | type = Ticks, time = 174955 |
|
2 | |
| Get Time | type = Ticks, time = 175282 |
|
3 | |
| Get Time | type = Ticks, time = 175438 |
|
2 | |
| Get Time | type = Ticks, time = 175844 |
|
3 | |
| Get Time | type = Ticks, time = 175969 |
|
2 | |
| Get Time | type = Ticks, time = 176109 |
|
2 | |
| Get Time | type = Ticks, time = 176421 |
|
3 | |
| Get Time | type = Ticks, time = 176733 |
|
2 | |
| Get Time | type = Ticks, time = 177014 |
|
3 | |
| Get Time | type = Ticks, time = 177388 |
|
2 | |
| Get Time | type = Ticks, time = 177591 |
|
3 | |
| Get Time | type = Ticks, time = 177919 |
|
2 | |
| Get Time | type = Ticks, time = 178262 |
|
3 | |
| Get Time | type = Ticks, time = 178449 |
|
2 | |
| Get Time | type = Ticks, time = 178589 |
|
2 | |
| Get Time | type = Ticks, time = 178777 |
|
3 | |
| Get Time | type = Ticks, time = 179026 |
|
2 | |
| Get Time | type = Ticks, time = 179276 |
|
3 | |
| Get Time | type = Ticks, time = 179635 |
|
2 | |
| Get Time | type = Ticks, time = 180025 |
|
3 | |
| Get Time | type = Ticks, time = 180305 |
|
3 | |
| Get Time | type = Ticks, time = 180633 |
|
2 | |
| Get Time | type = Ticks, time = 180961 |
|
2 | |
| Get Time | type = Ticks, time = 181195 |
|
3 | |
| Get Time | type = Ticks, time = 181631 |
|
3 | |
| Get Time | type = Ticks, time = 181912 |
|
2 | |
| Get Time | type = Ticks, time = 182333 |
|
3 | |
| Get Time | type = Ticks, time = 182817 |
|
1 | |
| Get Time | type = Ticks, time = 182833 |
|
1 | |
| Get Time | type = Ticks, time = 182864 |
|
1 | |
| Get Time | type = Ticks, time = 183254 |
|
2 | |
| Get Time | type = Ticks, time = 184034 |
|
4 | |
| Get Time | type = Ticks, time = 184393 |
|
2 | |
| Get Time | type = Ticks, time = 184736 |
|
2 | |
| Get Time | type = Ticks, time = 185017 |
|
2 | |
| Get Time | type = Ticks, time = 185375 |
|
4 | |
| Get Time | type = Ticks, time = 185734 |
|
2 | |
| Get Time | type = Ticks, time = 185890 |
|
2 | |
| Get Time | type = Ticks, time = 186046 |
|
2 | |
| Get Time | type = Ticks, time = 186311 |
|
2 | |
| Get Time | type = Ticks, time = 186779 |
|
4 | |
| Get Time | type = Ticks, time = 187201 |
|
2 | |
| Get Time | type = Ticks, time = 187341 |
|
2 | |
| Get Time | type = Ticks, time = 187825 |
|
4 | |
| Get Time | type = Ticks, time = 188043 |
|
2 | |
| Get Time | type = Ticks, time = 188293 |
|
2 | |
| Get Time | type = Ticks, time = 188605 |
|
2 | |
| Get Time | type = Ticks, time = 188745 |
|
2 | |
| Get Time | type = Ticks, time = 188964 |
|
4 | |
| Get Time | type = Ticks, time = 189244 |
|
2 | |
| Get Time | type = Ticks, time = 189478 |
|
2 | |
| Get Time | type = Ticks, time = 189650 |
|
2 | |
| Get Time | type = Ticks, time = 189915 |
|
2 | |
| Get Time | type = Ticks, time = 190040 |
|
4 | |
| Get Time | type = Ticks, time = 190149 |
|
2 | |
| Get Time | type = Ticks, time = 190321 |
|
2 | |
| Get Time | type = Ticks, time = 190430 |
|
2 | |
| Get Time | type = Ticks, time = 190539 |
|
2 | |
| Get Time | type = Ticks, time = 190648 |
|
2 | |
| Get Time | type = Ticks, time = 190758 |
|
2 | |
| Get Time | type = Ticks, time = 190867 |
|
2 | |
| Get Time | type = Ticks, time = 190976 |
|
2 | |
| Get Time | type = Ticks, time = 191085 |
|
4 | |
| Get Time | type = Ticks, time = 191194 |
|
2 | |
| Get Time | type = Ticks, time = 191304 |
|
2 | |
| Get Time | type = Ticks, time = 191413 |
|
2 | |
| Get Time | type = Ticks, time = 191522 |
|
2 | |
| Get Time | type = Ticks, time = 191631 |
|
2 | |
| Get Time | type = Ticks, time = 191740 |
|
2 | |
| Get Time | type = Ticks, time = 191850 |
|
2 | |
| Get Time | type = Ticks, time = 191959 |
|
2 | |
| Get Time | type = Ticks, time = 192068 |
|
2 | |
| Get Time | type = Ticks, time = 192240 |
|
4 | |
| Get Time | type = Ticks, time = 192520 |
|
2 | |
| Get Time | type = Ticks, time = 192661 |
|
2 | |
| Get Time | type = Ticks, time = 193004 |
|
2 | |
| Get Time | type = Ticks, time = 194502 |
|
4 | |
| Get Time | type = Ticks, time = 194720 |
|
2 | |
| Get Info | type = Operating System |
|
2 |
Mutex (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\syncronize_KVW72VA |
|
1 | |
| Create | mutex_name = Global\syncronize_KVW72VU |
|
1 | |
| Open | mutex_name = Global\syncronize_KVW72VA, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\syncronize_KVW72VU, desired_access = SYNCHRONIZE |
|
1 |
Process #3: cmd.exe
245
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:51, Reason: Child Process |
| Unmonitor | End Time: 00:02:19, Reason: Self Terminated |
| Monitor Duration | 00:00:28 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb50 |
| Parent PID | 0xad4 (c:\windows\syswow64\msiexec.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
310
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00056fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x001b0000 | 0x001c0fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x002effff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x002f0000 | 0x00356fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x005e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000005f0000 | 0x005f0000 | 0x00770fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000780000 | 0x00780000 | 0x01b7ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001b80000 | 0x01b80000 | 0x01ec2fff | Pagefile Backed Memory | r |
|
|
|
- |
| basebrd.dll | 0x01ed0000 | 0x01f97fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000001fa0000 | 0x01fa0000 | 0x02392fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x023a0000 | 0x0266efff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x49eb0000 | 0x49f08fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77450000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77550000 | 0x7766efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff1000 | 0x7fff1000 | 0x7fff1fff | Private Memory | rw |
|
|
|
- |
| winbrand.dll | 0x7fef8f20000 | 0x7fef8f27fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd920000 | 0x7fefd98afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefdb10000 | 0x7fefdbaefff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdc90000 | 0x7fefdcf6fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdd00000 | 0x7fefddc8fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe0a0000 | 0x7fefe1a8fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefe350000 | 0x7fefe35dfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7feff950000 | 0x7feff97dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feff990000 | 0x7feff990fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdafff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (182)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
11 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
5 | |
| Open | STD_OUTPUT_HANDLE | - |
|
25 | |
| Open | STD_INPUT_HANDLE | - |
|
69 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 1 |
|
60 | |
| Write | STD_OUTPUT_HANDLE | size = 36 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 63 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (4)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\mode.com | os_pid = 0xb04, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\vssadmin.exe | os_pid = 0xbd4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | C:\Windows\system32\mode.com | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\Windows\system32\vssadmin.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Memory (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\Windows\system32\mode.com | address = 0x7fffffdf000, size = 896 |
|
1 | |
| Read | C:\Windows\system32\vssadmin.exe | address = 0x7fffffdc000, size = 896 |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NTDLL.DLL | base_address = 0x77670000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49eb0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77550000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77566d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x775623d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77558290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x775617e0 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x776c14a0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-10-28 08:53:17 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 172973 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (25)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
8 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
3 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
2 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: mode.com
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\mode.com |
| Command Line | mode con cp select=1251 |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:55, Reason: Self Terminated |
| Monitor Duration | 00:00:02 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb04 |
| Parent PID | 0xb50 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B54
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x001bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x003d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x003f0000 | 0x00400fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000410000 | 0x00410000 | 0x0041ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x00426fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000430000 | 0x00430000 | 0x00431fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0053ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000540000 | 0x00540000 | 0x006c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006d0000 | 0x006d0000 | 0x01acffff | Pagefile Backed Memory | r |
|
|
|
- |
| ulib.dll.mui | 0x01ad0000 | 0x01b07fff | Memory Mapped File | rw |
|
|
|
- |
| user32.dll | 0x77450000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77550000 | 0x7766efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| mode.com | 0xffea0000 | 0xffeabfff | Memory Mapped File | rwx |
|
|
|
- |
| ulib.dll | 0x7fef4370000 | 0x7fef4397fff | Memory Mapped File | rwx |
|
|
|
- |
| ureg.dll | 0x7fef8f30000 | 0x7fef8f3bfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7fefbf10000 | 0x7fefbf65fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd920000 | 0x7fefd98afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefdb10000 | 0x7fefdbaefff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdc90000 | 0x7fefdcf6fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdd00000 | 0x7fefddc8fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe0a0000 | 0x7fefe1a8fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7fefe330000 | 0x7fefe34efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefe350000 | 0x7fefe35dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff740000 | 0x7feff81afff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feff820000 | 0x7feff94cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7feff950000 | 0x7feff97dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feff990000 | 0x7feff990fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #5: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:54, Reason: Child Process |
| Unmonitor | End Time: 00:02:18, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbd4 |
| Parent PID | 0xb50 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BEC
0x
BA0
0x
B84
0x
B7C
0x
BFC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| vssadmin.exe.mui | 0x000e0000 | 0x000ecfff | Memory Mapped File | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x00100fff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x00110000 | 0x00120fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x00130fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000140000 | 0x00140000 | 0x00140fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x001cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x002dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x003dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x00587fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000590000 | 0x00590000 | 0x00710fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000720000 | 0x00720000 | 0x01b1ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001b60000 | 0x01b60000 | 0x01bdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001c80000 | 0x01c80000 | 0x01cfffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x01d00000 | 0x01fcefff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002140000 | 0x02140000 | 0x021bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002230000 | 0x02230000 | 0x022affff | Private Memory | rw |
|
|
|
- |
| user32.dll | 0x77450000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77550000 | 0x7766efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| vssadmin.exe | 0xff060000 | 0xff08cfff | Memory Mapped File | rwx |
|
|
|
- |
| vss_ps.dll | 0x7fef4340000 | 0x7fef4353fff | Memory Mapped File | rwx |
|
|
|
- |
| vsstrace.dll | 0x7fef79b0000 | 0x7fef79c6fff | Memory Mapped File | rwx |
|
|
|
- |
| vssapi.dll | 0x7fef79d0000 | 0x7fef7b7ffff | Memory Mapped File | rwx |
|
|
|
- |
| atl.dll | 0x7fefb070000 | 0x7fefb088fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7fefcbb0000 | 0x7fefcbf6fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7fefceb0000 | 0x7fefcec6fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7fefd4b0000 | 0x7fefd4befff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrtremote.dll | 0x7fefd5a0000 | 0x7fefd5b3fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd920000 | 0x7fefd98afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefdb10000 | 0x7fefdbaefff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7fefdbb0000 | 0x7fefdc86fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdc90000 | 0x7fefdcf6fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdd00000 | 0x7fefddc8fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7fefddf0000 | 0x7fefdff2fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7fefe000000 | 0x7fefe098fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe0a0000 | 0x7fefe1a8fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7fefe330000 | 0x7fefe34efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefe350000 | 0x7fefe35dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff740000 | 0x7feff81afff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feff820000 | 0x7feff94cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7feff950000 | 0x7feff97dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feff990000 | 0x7feff990fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd5fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffdcfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #8: sauvegardeprojet.exe
904
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe |
| Command Line | "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:16, Reason: Autostart |
| Unmonitor | End Time: 00:04:24, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:08 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x55c |
| Parent PID | 0x47c (c:\windows\system32\spoolsv.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
560
0x
6D0
0x
6D4
0x
6DC
0x
594
0x
31C
0x
618
0x
5E4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0011ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x0012ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0013ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x00140fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x00150fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0016ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001bffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x002bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002c0000 | 0x002c0000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x0036ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000370000 | 0x00370000 | 0x0037ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000380000 | 0x00380000 | 0x00381fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003a0000 | 0x003a0000 | 0x0041ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000420000 | 0x00420000 | 0x004bffff | Private Memory | rw |
|
|
|
- |
| gdipfontcachev1.dat | 0x00420000 | 0x0043afff | Memory Mapped File | rw |
|
|
|
|
| windowsshell.manifest | 0x00420000 | 0x00420fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x00426fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000430000 | 0x00430000 | 0x00431fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000440000 | 0x00440000 | 0x00441fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000450000 | 0x00450000 | 0x00451fff | Pagefile Backed Memory | r |
|
|
|
- |
| msctf.dll.mui | 0x00450000 | 0x00450fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0046ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x00461fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x00460fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000470000 | 0x00470000 | 0x00470fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x004bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004c0000 | 0x004c0000 | 0x004fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000500000 | 0x00500000 | 0x005fffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x00600000 | 0x00681fff | Memory Mapped File | r |
|
|
|
- |
| segoeui.ttf | 0x00600000 | 0x0067efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0067ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000600000 | 0x00600000 | 0x0060ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000640000 | 0x00640000 | 0x0067ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000690000 | 0x00690000 | 0x006cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006d0000 | 0x006d0000 | 0x0070ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000750000 | 0x00750000 | 0x0078ffff | Private Memory | rwx |
|
|
|
- |
| mscorrc.dll | 0x00790000 | 0x007f1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000810000 | 0x00810000 | 0x0084ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000850000 | 0x00850000 | 0x0088ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008c0000 | 0x008c0000 | 0x008fffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000900000 | 0x00900000 | 0x0090ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000910000 | 0x00910000 | 0x00a97fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000aa0000 | 0x00aa0000 | 0x00c20fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000ca0000 | 0x00ca0000 | 0x00cdffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000cf0000 | 0x00cf0000 | 0x00deffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e30000 | 0x00e30000 | 0x00f2ffff | Private Memory | rw |
|
|
|
- |
| micross.ttf | 0x00f30000 | 0x00fcffff | Memory Mapped File | r |
|
|
|
- |
| tahoma.ttf | 0x00f30000 | 0x00fdafff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000f30000 | 0x00f30000 | 0x00faffff | Private Memory | rw |
|
|
|
- |
| sauvegardeprojet.exe | 0x00fe0000 | 0x0107bfff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001080000 | 0x01080000 | 0x0247ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002480000 | 0x02480000 | 0x0447ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000044e0000 | 0x044e0000 | 0x045dffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x045e0000 | 0x048aefff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000048b0000 | 0x048b0000 | 0x0498efff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000004a30000 | 0x04a30000 | 0x04a6ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000004a70000 | 0x04a70000 | 0x04c3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a70000 | 0x04a70000 | 0x04bfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004a70000 | 0x04a70000 | 0x04b6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004bf0000 | 0x04bf0000 | 0x04bfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004c30000 | 0x04c30000 | 0x04c3ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nlp | 0x04c40000 | 0x04f11fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004fd0000 | 0x04fd0000 | 0x050cffff | Private Memory | rw |
|
|
|
- |
| msjh.ttf | 0x050d0000 | 0x06578fff | Memory Mapped File | r |
|
|
|
- |
| msyh.ttf | 0x050d0000 | 0x06592fff | Memory Mapped File | r |
|
|
|
- |
| malgun.ttf | 0x050d0000 | 0x054f2fff | Memory Mapped File | r |
|
|
|
- |
| comctl32.dll | 0x050d0000 | 0x0526afff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000050d0000 | 0x050d0000 | 0x052e8fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000005310000 | 0x05310000 | 0x0540ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005500000 | 0x05500000 | 0x056fffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x05700000 | 0x0602ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000006030000 | 0x06030000 | 0x06422fff | Pagefile Backed Memory | r |
|
|
|
- |
| system.windows.forms.dll | 0x70d70000 | 0x71207fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x70ee0000 | 0x7107dfff | Memory Mapped File | rwx |
|
|
|
- |
| gdiplus.dll | 0x71080000 | 0x7120ffff | Memory Mapped File | rwx |
|
|
|
- |
| system.windows.forms.ni.dll | 0x71210000 | 0x71e67fff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x71e70000 | 0x72585fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x72590000 | 0x72f3cfff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x72f40000 | 0x735e7fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x735f0000 | 0x73602fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x73610000 | 0x73618fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x73620000 | 0x73697fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x736a0000 | 0x736e9fff | Memory Mapped File | rwx |
|
|
|
- |
| system.runtime.remoting.ni.dll | 0x73940000 | 0x73a04fff | Memory Mapped File | rwx |
|
|
|
- |
| nlssorting.dll | 0x73a10000 | 0x73a22fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x73a30000 | 0x73ab3fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x73ac0000 | 0x73afafff | Memory Mapped File | rwx |
|
|
|
- |
| system.drawing.ni.dll | 0x73b00000 | 0x73c8cfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x73c90000 | 0x73e5afff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73e60000 | 0x73edffff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x73ee0000 | 0x73ef5fff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x73f00000 | 0x73f7cfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74080000 | 0x74087fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x74090000 | 0x740ebfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x740f0000 | 0x7412efff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x74310000 | 0x7553afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x75540000 | 0x75634fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75660000 | 0x7566bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75670000 | 0x756cffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75810000 | 0x7589ffff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x758a0000 | 0x7598ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75990000 | 0x759d5fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x75a30000 | 0x75accfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75ae0000 | 0x75b3ffff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x75b40000 | 0x75bc2fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75be0000 | 0x75cabfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75db0000 | 0x75e06fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x75e10000 | 0x75f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x75f70000 | 0x75f88fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76e30000 | 0x76ebefff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77060000 | 0x771bbfff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x772c0000 | 0x772c9fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x773f0000 | 0x7748ffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x77490000 | 0x7753bfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77540000 | 0x7764ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077710000 | 0x77710000 | 0x7782efff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077830000 | 0x77830000 | 0x77929fff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77930000 | 0x77ad8fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77b10000 | 0x77c8ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef40000 | 0x7ef40000 | 0x7ef4ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7ef9ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 36 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe.config | type = file_attributes |
|
1 | |
| Open Mapping | - | desired_access = 12 |
|
1 |
Registry (24)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | value_name = 0, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | value_name = 0, data = IDE\DiskHD502HI_________________________________OF90____\5&37d1a386&0&0.0.0, type = REG_SZ |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SysWOW64\msiexec.exe | os_pid = 0x7d4, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Get Info | C:\Windows\SysWOW64\msiexec.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Thread (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Queue APC | c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | os_tid = 0x31c |
|
1 |
Memory (6)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | C:\Windows\SysWOW64\msiexec.exe | address = 0x540de64, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 88137308 |
|
2 | |
| Read | C:\Windows\SysWOW64\msiexec.exe | address = 0x7efde008, size = 4 |
|
1 | |
| Write | C:\Windows\SysWOW64\msiexec.exe | address = 0x7efde008, size = 4 |
|
1 | |
| Write | C:\Windows\SysWOW64\msiexec.exe | address = 0x70000, size = 164 |
|
1 | |
| Write | C:\Windows\SysWOW64\msiexec.exe | address = 0x80000, size = 78 |
|
1 |
Module (571)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | comctl32.dll | base_address = 0x73a30000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x70ee0000 |
|
1 | |
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0xe10001 |
|
3 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x75e10000 |
|
1 | |
| Get Handle | c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | base_address = 0xfe0000 |
|
21 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | base_address = 0x73a30000 |
|
72 | |
| Get Handle | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | base_address = 0x70ee0000 |
|
22 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x77540000 |
|
1 | |
| Get Handle | sbiedll.dll | base_address = 0x0 |
|
1 | |
| Get Handle | guard32.dll | base_address = 0x0 |
|
1 | |
| Get Handle | dbghelp.dll | base_address = 0x0 |
|
1 | |
| Get Handle | api_log.dll | base_address = 0x0 |
|
1 | |
| Get Handle | dir_watch.dll | base_address = 0x0 |
|
1 | |
| Get Handle | vmcheck.dll | base_address = 0x0 |
|
1 | |
| Get Handle | LOG_API.DLL | base_address = 0x0 |
|
1 | |
| Get Handle | pstorec.dll | base_address = 0x0 |
|
1 | |
| Get Filename | comctl32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 260 |
|
1 | |
| Get Filename | c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
3 | |
| Get Filename | c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
6 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
6 | |
| Get Filename | c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
1 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x77b425dd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x7755195e |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 88138016 |
|
1 | |
| Map | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, protection = PAGE_READONLY, address_out = 0x50d0000 |
|
1 | |
| Map | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x49d0000 |
|
1 | |
| Map | - | process_name = C:\Windows\SysWOW64\msiexec.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x400000 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (58)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2008294877 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793326 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2008294877 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793486 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2008294877 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793566 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 65900 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 65900 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551600, new_long = 46792704 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551596, new_long = 589824 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793646 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65928 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1895262649 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793726 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65930 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793766 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65932 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793806 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65934 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793846 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65936 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793886 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65938 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77793926 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65940 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77837078 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65942 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77837142 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65944 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77837182 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65946 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894823061 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 77837262 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65948 |
|
1 |
Keyboard (193)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
26 | |
| Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
56 | |
| Read | virtual_key_code = VK_MENU, result_out = 18446744073709551489 |
|
16 | |
| Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
55 | |
| Read | virtual_key_code = VK_MENU, result_out = 1 |
|
16 | |
| Read | virtual_key_code = VK_MENU, result_out = 18446744073709551488 |
|
24 |
System (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Cursor | x_out = 212, y_out = 282 |
|
4 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
3 | |
| Sleep | duration = 39388872 milliseconds (39388.872 seconds) |
|
1 | |
| Sleep | duration = 40325976 milliseconds (40325.976 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 |
Debug (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | - |
|
1 | |
| Hide | c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | - |
|
1 |
Process #9: sauvegardeprojet.exe
891
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:16, Reason: Autostart |
| Unmonitor | End Time: 00:04:24, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:08 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x564 |
| Parent PID | 0x47c (c:\windows\system32\spoolsv.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
568
0x
6C4
0x
6C8
0x
6E0
0x
57C
0x
5FC
0x
5D4
0x
640
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000effff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0011ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x0012ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0013ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x001bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x001effff | Private Memory | - |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x0022ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x00251fff | Pagefile Backed Memory | r |
|
|
|
- |
| sauvegardeprojet.exe | 0x00260000 | 0x002fbfff | Memory Mapped File | rwx |
|
|
|
|
| gdipfontcachev1.dat | 0x00300000 | 0x0031afff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x00300fff | Private Memory | rw |
|
|
|
- |
| windowsshell.manifest | 0x00310000 | 0x00310fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000310000 | 0x00310000 | 0x00316fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000320000 | 0x00320000 | 0x0035ffff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000000360000 | 0x00360000 | 0x00361fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000370000 | 0x00370000 | 0x0037ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000380000 | 0x00380000 | 0x0041ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x00421fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x0052ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000530000 | 0x00530000 | 0x0053ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000530000 | 0x00530000 | 0x00531fff | Pagefile Backed Memory | r |
|
|
|
- |
| msctf.dll.mui | 0x00530000 | 0x00530fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000540000 | 0x00540000 | 0x0054ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000540000 | 0x00540000 | 0x00541fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000540000 | 0x00540000 | 0x00540fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000550000 | 0x00550000 | 0x00550fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x00561fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x005affff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x005effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000610000 | 0x00610000 | 0x0070ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000710000 | 0x00710000 | 0x00897fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000008d0000 | 0x008d0000 | 0x008dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000900000 | 0x00900000 | 0x0093ffff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000000940000 | 0x00940000 | 0x00ac0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ad0000 | 0x00ad0000 | 0x01ecffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f40000 | 0x01f40000 | 0x01f7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f80000 | 0x01f80000 | 0x0207ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002080000 | 0x02080000 | 0x020bffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x020c0000 | 0x02141fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000020c0000 | 0x020c0000 | 0x0217ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000020f0000 | 0x020f0000 | 0x0212ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002170000 | 0x02170000 | 0x0217ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002190000 | 0x02190000 | 0x0228ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002290000 | 0x02290000 | 0x0428ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004290000 | 0x04290000 | 0x0436ffff | Private Memory | rw |
|
|
|
- |
| micross.ttf | 0x04290000 | 0x0432ffff | Memory Mapped File | r |
|
|
|
- |
| segoeui.ttf | 0x04290000 | 0x0430efff | Memory Mapped File | r |
|
|
|
- |
| mscorrc.dll | 0x04290000 | 0x042f1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004330000 | 0x04330000 | 0x0436ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004370000 | 0x04370000 | 0x043affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004400000 | 0x04400000 | 0x044fffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x04500000 | 0x047cefff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000047d0000 | 0x047d0000 | 0x048aefff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nlp | 0x048b0000 | 0x04b81fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004b90000 | 0x04b90000 | 0x04d2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004bd0000 | 0x04bd0000 | 0x04ccffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004d20000 | 0x04d20000 | 0x04d2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004d30000 | 0x04d30000 | 0x04e2ffff | Private Memory | rw |
|
|
|
- |
| tahoma.ttf | 0x04e30000 | 0x04edafff | Memory Mapped File | r |
|
|
|
- |
| msjh.ttf | 0x04e30000 | 0x062d8fff | Memory Mapped File | r |
|
|
|
- |
| msyh.ttf | 0x04e30000 | 0x062f2fff | Memory Mapped File | r |
|
|
|
- |
| malgun.ttf | 0x04e30000 | 0x05252fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004e30000 | 0x04e30000 | 0x04eeffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004e30000 | 0x04e30000 | 0x04eaffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004eb0000 | 0x04eb0000 | 0x04eeffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x04ef0000 | 0x0508afff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000004ef0000 | 0x04ef0000 | 0x05108fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000005260000 | 0x05260000 | 0x0545ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x05460000 | 0x05d8ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000005d90000 | 0x05d90000 | 0x06182fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000006270000 | 0x06270000 | 0x0636ffff | Private Memory | rw |
|
|
|
- |
| system.windows.forms.dll | 0x70d70000 | 0x71207fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x70ee0000 | 0x7107dfff | Memory Mapped File | rwx |
|
|
|
- |
| gdiplus.dll | 0x71080000 | 0x7120ffff | Memory Mapped File | rwx |
|
|
|
- |
| system.windows.forms.ni.dll | 0x71210000 | 0x71e67fff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x71e70000 | 0x72585fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x72590000 | 0x72f3cfff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x72f40000 | 0x735e7fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x735f0000 | 0x73602fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x73610000 | 0x73618fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x73620000 | 0x73697fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x736a0000 | 0x736e9fff | Memory Mapped File | rwx |
|
|
|
- |
| system.runtime.remoting.ni.dll | 0x73940000 | 0x73a04fff | Memory Mapped File | rwx |
|
|
|
- |
| nlssorting.dll | 0x73a10000 | 0x73a22fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x73a30000 | 0x73ab3fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x73ac0000 | 0x73afafff | Memory Mapped File | rwx |
|
|
|
- |
| system.drawing.ni.dll | 0x73b00000 | 0x73c8cfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x73c90000 | 0x73e5afff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73e60000 | 0x73edffff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x73ee0000 | 0x73ef5fff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x73f00000 | 0x73f7cfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74080000 | 0x74087fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x74090000 | 0x740ebfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x740f0000 | 0x7412efff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x74310000 | 0x7553afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x75540000 | 0x75634fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75660000 | 0x7566bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75670000 | 0x756cffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75810000 | 0x7589ffff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x758a0000 | 0x7598ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75990000 | 0x759d5fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x75a30000 | 0x75accfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75ae0000 | 0x75b3ffff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x75b40000 | 0x75bc2fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75be0000 | 0x75cabfff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75db0000 | 0x75e06fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x75e10000 | 0x75f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x75f70000 | 0x75f88fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x76e30000 | 0x76ebefff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77060000 | 0x771bbfff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x772c0000 | 0x772c9fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x773f0000 | 0x7748ffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x77490000 | 0x7753bfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77540000 | 0x7764ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077710000 | 0x77710000 | 0x7782efff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077830000 | 0x77830000 | 0x77929fff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77930000 | 0x77ad8fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77b10000 | 0x77c8ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef40000 | 0x7ef40000 | 0x7ef4ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7ef9ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 37 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
File (2)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe.config | type = file_attributes |
|
1 | |
| Open Mapping | - | desired_access = 12 |
|
1 |
Registry (24)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | value_name = 0, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | value_name = 0, data = IDE\DiskHD502HI_________________________________OF90____\5&37d1a386&0&0.0.0, type = REG_SZ |
|
1 |
Module (568)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | comctl32.dll | base_address = 0x73a30000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x70ee0000 |
|
1 | |
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0x2150001 |
|
3 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x75e10000 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | base_address = 0x260000 |
|
21 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | base_address = 0x73a30000 |
|
72 | |
| Get Handle | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | base_address = 0x70ee0000 |
|
22 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x77540000 |
|
1 | |
| Get Handle | sbiedll.dll | base_address = 0x0 |
|
1 | |
| Get Handle | guard32.dll | base_address = 0x0 |
|
1 | |
| Get Handle | dbghelp.dll | base_address = 0x0 |
|
1 | |
| Get Handle | api_log.dll | base_address = 0x0 |
|
1 | |
| Get Handle | dir_watch.dll | base_address = 0x0 |
|
1 | |
| Get Handle | vmcheck.dll | base_address = 0x0 |
|
1 | |
| Get Handle | LOG_API.DLL | base_address = 0x0 |
|
1 | |
| Get Handle | pstorec.dll | base_address = 0x0 |
|
1 | |
| Get Filename | comctl32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 260 |
|
1 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
3 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
6 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
6 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
1 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x77b425dd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x7755195e |
|
1 | |
| Map | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe, protection = PAGE_READONLY, address_out = 0x6370000 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (58)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2008294877 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5703726 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2008294877 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5703886 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2008294877 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5703966 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 65904 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 65904 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551600, new_long = 46792704 |
|
1 | |
| Set Attribute | Sauvegarde d'un projet VB Net ou C# | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551596, new_long = 589824 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5704046 |
|
1 | |
| Set Attribute | Arborescence du projet | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65906 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1895262649 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5704126 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.LISTBOX.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65908 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5704166 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65910 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5704206 |
|
1 | |
| Set Attribute | Repertoire Projet 2 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65912 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5704246 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65914 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5704286 |
|
1 | |
| Set Attribute | Repertoire Projet 1 : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65916 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5704326 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65918 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5747478 |
|
1 | |
| Set Attribute | Répertoire du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65920 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5747542 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65922 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894758601 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5747582 |
|
1 | |
| Set Attribute | Fichier solution du projet : | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65924 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1894823061 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5747662 |
|
1 | |
| Set Attribute | Sélection du fichier .sln | class_name = WindowsForms10.BUTTON.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 65926 |
|
1 |
Keyboard (192)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
25 | |
| Read | virtual_key_code = VK_CONTROL, result_out = 0 |
|
56 | |
| Read | virtual_key_code = VK_MENU, result_out = 18446744073709551489 |
|
24 | |
| Read | virtual_key_code = VK_SHIFT, result_out = 0 |
|
55 | |
| Read | virtual_key_code = VK_MENU, result_out = 18446744073709551488 |
|
16 | |
| Read | virtual_key_code = VK_MENU, result_out = 0 |
|
16 |
System (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Cursor | x_out = 212, y_out = 282 |
|
4 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
5 | |
| Sleep | duration = 38549208 milliseconds (38549.208 seconds) |
|
1 | |
| Get Info | type = Operating System |
|
2 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 |
Debug (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | - |
|
1 | |
| Hide | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | - |
|
1 |
Process #10: msiexec.exe
161
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\syswow64\msiexec.exe |
| Command Line | C:\Windows\SysWOW64\msiexec.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:21, Reason: Child Process |
| Unmonitor | End Time: 00:04:24, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7d4 |
| Parent PID | 0x55c (c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
440
0x
7A8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000090000 | 0x00090000 | 0x00093fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a3fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x0014ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x0021ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00360000 | 0x003c6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x00428fff | Pagefile Backed Memory | rwx |
|
|
|
- |
| msiexec.exe | 0x00440000 | 0x00453fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x004cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000004d0000 | 0x004d0000 | 0x00657fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000660000 | 0x00660000 | 0x007e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007f0000 | 0x007f0000 | 0x01beffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001bf0000 | 0x01bf0000 | 0x01c9ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x01ca0000 | 0x01f6efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002020000 | 0x02020000 | 0x0205ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000020a0000 | 0x020a0000 | 0x020dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000020e0000 | 0x020e0000 | 0x021e0fff | Private Memory | rw |
|
|
|
- |
| mpr.dll | 0x73920000 | 0x73931fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74080000 | 0x74087fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x74090000 | 0x740ebfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x740f0000 | 0x7412efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75660000 | 0x7566bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75670000 | 0x756cffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x75810000 | 0x7589ffff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x758a0000 | 0x7598ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75990000 | 0x759d5fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x75a30000 | 0x75accfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75ae0000 | 0x75b3ffff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x75bd0000 | 0x75bd5fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75be0000 | 0x75cabfff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x75d40000 | 0x75d74fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75db0000 | 0x75e06fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x75e10000 | 0x75f0ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x75f70000 | 0x75f88fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x761c0000 | 0x76e09fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x772c0000 | 0x772c9fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x773f0000 | 0x7748ffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x77490000 | 0x7753bfff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77540000 | 0x7764ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077710000 | 0x77710000 | 0x7782efff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077830000 | 0x77830000 | 0x77929fff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77930000 | 0x77ad8fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77b10000 | 0x77c8ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #8: c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | 0x31c | address = 0x400000, size = 167936 |
|
1 | |
| Modify Memory | #8: c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | 0x31c | address = 0x7efde008, size = 4 |
|
1 | |
| Modify Memory | #8: c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | 0x31c | address = 0x70000, size = 164 |
|
1 | |
| Modify Memory | #8: c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | 0x31c | address = 0x80000, size = 78 |
|
1 | |
| Modify Control Flow | #8: c:\programdata\microsoft\windows\start menu\programs\startup\sauvegardeprojet.exe | 0x31c | os_tid = 0x440, address = 0x80000 |
|
1 |
Host Behavior
File (13)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Windows\System32\SauvegardeProjet.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SauvegardeProjet.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Read | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe | size = 1048576, size_out = 611840 |
|
1 | |
| Read | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe | size = 1048576, size_out = 0 |
|
1 | |
| Write | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SauvegardeProjet.exe | size = 611840 |
|
1 |
Registry (9)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 83, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | value_name = SauvegardeProjet.exe, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\SauvegardeProjet.exe, size = 132, type = REG_SZ |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 |
Module (121)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x77540000 |
|
2 | |
| Load | KERNEL32.dll | base_address = 0x77540000 |
|
1 | |
| Load | NTDLL | base_address = 0x77b10000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x773f0000 |
|
1 | |
| Load | user32.dll | base_address = 0x75e10000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x761c0000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77b10000 |
|
1 | |
| Load | mpr.dll | base_address = 0x73920000 |
|
1 | |
| Load | ws2_32.dll | base_address = 0x75d40000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x77540000 |
|
8 | |
| Get Filename | - | process_name = c:\windows\syswow64\msiexec.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SauvegardeProjet.exe, size = 32767 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x77551222 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleW, address_out = 0x775534b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x775554ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x77554442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileW, address_out = 0x77569af0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x775559e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x77554950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x77551b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x77557a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x77555223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameW, address_out = 0x7755dd0e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameA, address_out = 0x7756b6e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexW, address_out = 0x7755424c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenW, address_out = 0x77551700 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x77555a4b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x77551809 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x77551136 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x77555371 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x7755110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x775589b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x7755170d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x77551916 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x775510ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77b32270 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x77553ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x77553f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenMutexW, address_out = 0x77555151 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x77b322b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x77554220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiW, address_out = 0x7756d5cd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiA, address_out = 0x77553e8e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77b445f5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseMutex, address_out = 0x7755111e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x77551410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x77554467 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x775534d5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsW, address_out = 0x77554173 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x77551725 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceFrequency, address_out = 0x775541f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x775511f8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x7756d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVolumeInformationW, address_out = 0x7756c860 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x77551282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x7756c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address_out = 0x7756ce2e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x77554435 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x775514e9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address_out = 0x77b51f6e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x77b3e026 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x775514c9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreatePipe, address_out = 0x775d415b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetHandleInformation, address_out = 0x7756195c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x7755103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringW, address_out = 0x77553bca |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringA, address_out = 0x77553c5a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenProcess, address_out = 0x77551986 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address_out = 0x7756d802 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTime, address_out = 0x77555a96 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SystemTimeToFileTime, address_out = 0x77555a7e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x775511c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x7757735f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32NextW, address_out = 0x7757896c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32FirstW, address_out = 0x77578baf |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x7740468d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address_out = 0x774046ad |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x774014d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x7740469d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x77404304 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetTokenInformation, address_out = 0x7740431c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenSCManagerW, address_out = 0x773fca64 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenServiceW, address_out = 0x773fca4c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CloseServiceHandle, address_out = 0x7740369c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ControlService, address_out = 0x77417144 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = QueryServiceStatus, address_out = 0x77402a86 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EnumDependentServicesW, address_out = 0x773f1e3a |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EnumServicesStatusExW, address_out = 0x773fb466 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = SystemParametersInfoW, address_out = 0x75e290d3 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteExW, address_out = 0x761e1e46 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address_out = 0x77b2fda0 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x73922dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x73922f06 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x73923058 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSAStartup, address_out = 0x75d43ab2 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = socket, address_out = 0x75d43eb8 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = send, address_out = 0x75d46f01 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = recv, address_out = 0x75d46b0e |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = connect, address_out = 0x75d46bdd |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = closesocket, address_out = 0x75d43918 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = gethostbyname, address_out = 0x75d57673 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = inet_addr, address_out = 0x75d4311b |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = ntohl, address_out = 0x75d42d57 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = htonl, address_out = 0x75d42d57 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = htons, address_out = 0x75d42d8b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x7756d650 |
|
8 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Ticks, time = 84146 |
|
3 | |
| Get Info | type = Operating System |
|
2 |
Mutex (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\syncronize_KVW72VA |
|
1 | |
| Create | mutex_name = Global\syncronize_KVW72VU |
|
1 | |
| Open | mutex_name = Global\syncronize_KVW72VA, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\syncronize_KVW72VU, desired_access = SYNCHRONIZE |
|
1 |
