83870dd4c1c44775e9c3aa5d5bd4abce782cb07f3454de4a82bf24f26381d947 (SHA256)
WscParent.exe
Windows Exe (x86-32)
Created at 2018-10-03 03:10:00
Notifications (2/2)
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
The operating system was rebooted during the analysis.
Monitored Processes
Behavior Information - Sequential View
Process #1: wscparent.exe
214
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:37, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:56, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa5c |
| Parent PID | 0x568 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A60
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0021ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000220000 | 0x00220000 | 0x0029ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| rsaenh.dll | 0x002a0000 | 0x002dbfff | Memory Mapped File | r |
|
|
|
- |
| ~dfc7797a38c36d9797.tmp | 0x002a0000 | 0x0031ffff | Memory Mapped File | rw |
|
|
|
|
| pagefile_0x0000000000320000 | 0x00320000 | 0x00326fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000330000 | 0x00330000 | 0x00331fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000340000 | 0x00340000 | 0x00340fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x003dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003f0fff | Private Memory | rwx |
|
|
|
- |
| wscparent.exe | 0x00400000 | 0x00445fff | Memory Mapped File | rwx |
|
|
|
|
| pagefile_0x0000000000450000 | 0x00450000 | 0x004cffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000004d0000 | 0x004d0000 | 0x005cffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000005d0000 | 0x005d0000 | 0x00757fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000007b0000 | 0x007b0000 | 0x007bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000007c0000 | 0x007c0000 | 0x00940fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000950000 | 0x00950000 | 0x01d4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001d50000 | 0x01d50000 | 0x0214ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x02150000 | 0x0241efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002420000 | 0x02420000 | 0x025fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002420000 | 0x02420000 | 0x0255ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002420000 | 0x02420000 | 0x024fefff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002520000 | 0x02520000 | 0x0255ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000025c0000 | 0x025c0000 | 0x025fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002600000 | 0x02600000 | 0x027affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002600000 | 0x02600000 | 0x0267ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000002680000 | 0x02680000 | 0x026fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002770000 | 0x02770000 | 0x027affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000027b0000 | 0x027b0000 | 0x0294ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000027b0000 | 0x027b0000 | 0x0282ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000002830000 | 0x02830000 | 0x028affff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000002940000 | 0x02940000 | 0x0294ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002950000 | 0x02950000 | 0x02d4ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000002d50000 | 0x02d50000 | 0x03142fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000003150000 | 0x03150000 | 0x032fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000003300000 | 0x03300000 | 0x036fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000003700000 | 0x03700000 | 0x03afffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000003b00000 | 0x03b00000 | 0x03efffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000003f00000 | 0x03f00000 | 0x042fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000004300000 | 0x04300000 | 0x046fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| staticcache.dat | 0x04700000 | 0x0502ffff | Memory Mapped File | r |
|
|
|
- |
| msvbvm60.dll | 0x72940000 | 0x72a92fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74f40000 | 0x74f52fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74f60000 | 0x74fdffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74ff0000 | 0x74ff7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x75000000 | 0x7505bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75060000 | 0x7509efff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x75440000 | 0x7547afff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x75480000 | 0x75495fff | Memory Mapped File | rwx |
|
|
|
- |
| sxs.dll | 0x754a0000 | 0x754fefff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75600000 | 0x7560bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75610000 | 0x7566ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75720000 | 0x757bffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757c0000 | 0x758cffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x758d0000 | 0x7596cfff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75a70000 | 0x75a79fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75ea0000 | 0x75f6bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75f80000 | 0x75fdffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75fe0000 | 0x7608bfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76090000 | 0x7617ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761c8fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76260000 | 0x762a5fff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x762b0000 | 0x7633efff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x764e0000 | 0x7663bfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x76640000 | 0x766c2fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x766d0000 | 0x7675ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x775b0000 | 0x776affff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000776b0000 | 0x776b0000 | 0x777a9fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000777b0000 | 0x777b0000 | 0x778cefff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ab0000 | 0x77c2ffff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EFF.tmp | 11.50 KB |
MD5:
fc99e2df8e39fef063822a59536f0341
SHA1: 20e31c454bb6e619847976fca9a3774761bc86ef SHA256: ad2670867637b02e65896b6733f5332e8e04aa38ee7a3b4f32bbe8b0395d8d36 SSDeep: 12:rl3bEBl/jbuF6lG0QDNsHpycl/8cl/c8l/ccl/ccl/pYAPVFAFA7iSVlNsBl0Cb/:r2jbQsA08cyUccy0pddFAFAc/eAE |
|
|
| c:\users\5p5nrg~1\appdata\local\temp\~dfc7797a38c36d9797.tmp | 17.03 KB |
MD5:
768b6de60861d9516e5309a4030fa40a
SHA1: ce702a7ad7609b9493ba7df3c28d14d8c6870b9f SHA256: c255227646d9606ae8b9eec0a36e61b03edc174128cc1492a27c08752554ad74 SSDeep: 96:CmG8CL3uSTdfB4DioGPWO6JM4DHxO6JM4DmTOU3nrH7H7HDbdnH7HkoGrURI7hk:S3jID0KD8KDmTOU3rbbjdbOURI7hk |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDD.tmp | 28.00 KB |
MD5:
411c54489c34049e2199610827061b0c
SHA1: 45c8b1cd0f797affa0278863e14fcdfbb408729a SHA256: 511a7a4d360aeb07358c518453c936f10549be9d78dc8dec126ac5ffd738450c SSDeep: 12:rl3bQl/8cl/qtl/ccl/cYFilG0QdsHp0VFAFA7iSIytOAeeeeeeeeeeeeeeeeeeN:rO8cUccymsMFAFAZNpCvL |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDE.tmp | 28.00 KB |
MD5:
d7115377f2a1359ccce686121cf3cc6b
SHA1: 67bfc3cd6bb3f78b961946c40887e54051fad107 SHA256: 699c88ebead36086b0db197877cdda0547c9bc18bab5acdeb69258aab1584b97 SSDeep: 12:rl3bQl/8cl/qtl/ccl/cYF0lG0QdsHp0VFAFA7iSIytOAeeeeeeeeeeeeeeeeeeN:rO8cUccyYsMFAFAZNpCvL |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\VB2D18.tmp | 28.00 KB |
MD5:
bf69580d4635091a3184ace19c354390
SHA1: c2e81ea2d0815446914495caffc135bd558d47d9 SHA256: 3252d12276d8d94d19ecd3fdcd4b4aeb0b561647bc8b7095a6afbea567e04ccf SSDeep: 12:rl3bQl/8cl/qtl/ccl/cYFTolG0QdsHp0VFAFA7iSIytOAeeeeeeeeeeeeeeeeeg:rO8cUccy4ZsMFAFAZNpCvL |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EEF.tmp | 11.50 KB |
MD5:
a2083c1d8c9d65724725a8329d632303
SHA1: 3018a18be1df123eeed4fa2bf2ce35449f43530b SHA256: 59dec52e796b6c2a436f2f8cadb652ed645f5f2ccec38ba3fc1e3befa510a79b SSDeep: 12:rl3bEBl/jbuFTYlG0QDNsHpycl/8cl/c8l/ccl/ccl/pYAPVFAFA7iSVlNsBl0CT:r2jbWsA08cyUccy0pddFAFAc/eAE |
|
|
Threads
Thread 0xa60
214
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsTNT, address_out = 0x0 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| File | Get Info | filename = STD_ERROR_HANDLE, type = file_type |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 260 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsProcessorFeaturePresent, address_out = 0x757d5235 |
|
1 | |
| Mutex | Create | - |
|
1 | |
| Module | Get Handle | module_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, base_address = 0x400000 |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| Module | Get Filename | module_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 260 |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, file_name_orig = C:\Windows\system32\MSVBVM60.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Load | module_name = OLEAUT32.DLL, base_address = 0x762b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = OleLoadPictureEx, address_out = 0x763170a1 |
|
1 | |
| System | Get Info | type = Hardware Information |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\oleaut32.dll, base_address = 0x762b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = DispCallFunc, address_out = 0x762c3dcf |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x762c07b7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x762e1ca9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = CreateTypeLib2, address_out = 0x762c8e70 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDateFromUdate, address_out = 0x762c7684 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarUdateFromDate, address_out = 0x762ccc98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetAltMonthNames, address_out = 0x762f903a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNumFromParseNum, address_out = 0x762c6231 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarParseNumFromStr, address_out = 0x762c5fea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR4, address_out = 0x762d3f94 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromR8, address_out = 0x762d4e9e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromDate, address_out = 0x762fdb72 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromI4, address_out = 0x762e2a8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecFromCy, address_out = 0x762fd737 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarR4FromDec, address_out = 0x762fe015 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address_out = 0x762fcc3d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = GetRecordInfoFromGuids, address_out = 0x762fd1c4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetRecordInfo, address_out = 0x762fd48c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetRecordInfo, address_out = 0x762fd4c6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayGetIID, address_out = 0x762fd509 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArraySetIID, address_out = 0x762ce7bb |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCopyData, address_out = 0x762ce496 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address_out = 0x762cddf1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = SafeArrayCreateEx, address_out = 0x762fd53f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormat, address_out = 0x76302055 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatDateTime, address_out = 0x763020ea |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatNumber, address_out = 0x76302151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatPercent, address_out = 0x763021f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFormatCurrency, address_out = 0x76302288 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarWeekdayName, address_out = 0x76302335 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMonthName, address_out = 0x763023d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAdd, address_out = 0x762d5934 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAnd, address_out = 0x762d5a98 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCat, address_out = 0x762d59b4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDiv, address_out = 0x7632e405 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarEqv, address_out = 0x7632ef07 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarIdiv, address_out = 0x7632f00a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarImp, address_out = 0x7632ef47 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMod, address_out = 0x7632f15e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarMul, address_out = 0x7632dbd4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarOr, address_out = 0x7632ecfa |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarPow, address_out = 0x7632ea66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarSub, address_out = 0x7632d332 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarXor, address_out = 0x7632ee2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarAbs, address_out = 0x7632ca11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarFix, address_out = 0x7632cc5f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarInt, address_out = 0x7632cde7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNeg, address_out = 0x7632c802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarNot, address_out = 0x7632ec66 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarRound, address_out = 0x7632d155 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCmp, address_out = 0x762cb0dc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecAdd, address_out = 0x762e5f3e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarDecCmp, address_out = 0x762d4fd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCat, address_out = 0x762d0d2c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarCyMulI4, address_out = 0x762e59ed |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\oleaut32.dll, function = VarBstrCmp, address_out = 0x762bf8b8 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\ole32.dll, base_address = 0x764e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CoCreateInstanceEx, address_out = 0x76529d4e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ole32.dll, function = CLSIDFromProgIDEx, address_out = 0x764f0782 |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 260 |
|
2 | |
| Module | Load | module_name = SXS.DLL, base_address = 0x754a0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\sxs.dll, function = SxsOleAut32MapIIDOrCLSIDToTypeLibrary, address_out = 0x754e7685 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\user32.dll, base_address = 0x775b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetSystemMetrics, address_out = 0x775c7d2f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromWindow, address_out = 0x775d3150 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromRect, address_out = 0x775ee7a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = MonitorFromPoint, address_out = 0x775d5281 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = EnumDisplayMonitors, address_out = 0x775d451a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = GetMonitorInfoA, address_out = 0x775d4413 |
|
1 | |
| Window | Create | class_name = ThunderRT6Main, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| System | Register Hook | type = WH_MSGFILTER, hookproc_address = 0x729a1e09 |
|
1 | |
| Window | Create | class_name = VBMsoStdCompMgr, wndproc_parameter = 0 |
|
1 | |
| Window | Set Attribute | class_name = VBMsoStdCompMgr, index = 0, new_long = 41361564 |
|
1 | |
| Window | Create | class_name = VBFocusRT6, wndproc_parameter = 0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Keyboard | Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 | |
| Window | Create | window_name = Form1, wndproc_parameter = 0 |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 | |
| File | Create Temp File | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2D18.tmp, path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = VB |
|
1 | |
| File | Create | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2D18.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2D18.tmp, type = file_type |
|
1 | |
| File | Write | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2D18.tmp, size = 4096 |
|
7 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 | |
| File | Create Temp File | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDD.tmp, path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = VB |
|
1 | |
| File | Create | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDD.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDD.tmp, type = file_type |
|
1 | |
| File | Write | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDD.tmp, size = 4096 |
|
7 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 | |
| File | Create Temp File | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDE.tmp, path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = VB |
|
1 | |
| File | Create | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDE.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDE.tmp, type = file_type |
|
1 | |
| File | Write | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDE.tmp, size = 4096 |
|
7 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 | |
| File | Create Temp File | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EEF.tmp, path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = VB |
|
1 | |
| File | Create | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EEF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EEF.tmp, type = file_type |
|
1 | |
| File | Write | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EEF.tmp, size = 4096 |
|
2 | |
| File | Write | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EEF.tmp, size = 3584 |
|
1 | |
| COM | Create | interface = 00000001-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_INPROC_HANDLER |
|
1 | |
| File | Create Temp File | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EFF.tmp, path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = VB |
|
1 | |
| File | Create | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EFF.tmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EFF.tmp, type = file_type |
|
1 | |
| File | Write | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EFF.tmp, size = 4096 |
|
2 | |
| File | Write | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EFF.tmp, size = 3584 |
|
1 | |
| Module | Load | module_name = kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetProcessDEPPolicy, address_out = 0x757eeb9a |
|
1 | |
| Module | Load | module_name = c:\windows\system32\user32, base_address = 0x775b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = CallWindowProcA, address_out = 0x775d792f |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtAllocateVirtualMemory, address_out = 0x77acfab0 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x757d5223 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x757d103d |
|
1 | |
| Process | Create | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, os_pid = 0xa6c, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtUnmapViewOfSection, address_out = 0x77acfc70 |
|
1 | |
| Module | Unmap | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe |
|
1 | |
| Memory | Allocate | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, address = 0x3f0004, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 5358144 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtWriteVirtualMemory, address_out = 0x77acfe04 |
|
1 | |
| Memory | Write | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, address = 0x400000, size = 1024 |
|
1 | |
| Memory | Write | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, address = 0x40e000, size = 43008 |
|
1 | |
| Memory | Write | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, address = 0x40b000, size = 10240 |
|
1 | |
| Memory | Write | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, address = 0x401000, size = 40448 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtGetContextThread, address_out = 0x77ad0c20 |
|
1 | |
| Thread | Get Context | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, os_tid = 0xa60 |
|
1 | |
| Memory | Write | process_name = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, address = 0x7efde008, size = 4 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtSetContextThread, address_out = 0x77ad1910 |
|
1 | |
| Thread | Set Context | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, os_tid = 0xa60 |
|
1 | |
| Module | Load | module_name = ntdll, base_address = 0x77ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtResumeThread, address_out = 0x77ad0058 |
|
1 | |
| Thread | Resume | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, os_tid = 0xa60 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetExitCodeProcess, address_out = 0x757e174d |
|
1 | |
| File | Delete | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2D18.tmp |
|
1 | |
| File | Delete | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDD.tmp |
|
1 | |
| File | Delete | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EDE.tmp |
|
1 | |
| File | Delete | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EEF.tmp |
|
1 | |
| File | Delete | filename = C:\Users\5P5NRG~1\AppData\Local\Temp\VB2EFF.tmp |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help, value_name = .HLP, data = 120 |
|
1 | |
| Ini | Read | file_name_orig = WINHELP.INI, section_name = FILES, key_name = .HLP |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help |
|
1 | |
| Ini | Read | file_name_orig = WINHELP.INI, section_name = FILES, key_name = .HLP |
|
1 | |
| File | Get Info | filename = C:\Windows\system32\.HLP, type = file_attributes |
|
2 | |
| System | Get Info | type = Windows Directory, result_out = C:\Windows |
|
1 | |
| File | Get Info | filename = C:\Windows\Help\.HLP, type = file_attributes |
|
2 | |
| System | Get Cursor | x_out = 859, y_out = 336 |
|
1 | |
| Window | Set Attribute | class_name = VBMsoStdCompMgr, index = 0, new_long = 0 |
|
1 | |
| System | Sleep | duration = 0 milliseconds (0.000 seconds) |
|
1 |
Process #2: wscparent.exe
1873
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:50, Reason: Child Process |
| Unmonitor | End Time: 00:05:22, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa6c |
| Parent PID | 0xa5c (c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A70
0x
A74
0x
A80
0x
A84
0x
A88
0x
A8C
0x
AA0
0x
AA4
0x
AA8
0x
AAC
0x
AB0
0x
AB4
0x
AC4
0x
AC8
0x
ACC
0x
AD0
0x
AD4
0x
ADC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00193fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x001a0000 | 0x00206fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x002cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x003cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x003d7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x003d6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000003f0000 | 0x003f0000 | 0x003f7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000400000 | 0x00400000 | 0x00418fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000420000 | 0x00420000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000460000 | 0x00460000 | 0x0049ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x00467fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000004a0000 | 0x004a0000 | 0x004a7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000004d0000 | 0x004d0000 | 0x005cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x0071ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x0070ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x006cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006d0000 | 0x006d0000 | 0x0070ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000710000 | 0x00710000 | 0x0071ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000720000 | 0x00720000 | 0x008a7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000008b0000 | 0x008b0000 | 0x00a30fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000a40000 | 0x00a40000 | 0x01e3ffff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x01e40000 | 0x0210efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002110000 | 0x02110000 | 0x02210fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002110000 | 0x02110000 | 0x0220ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002210000 | 0x02210000 | 0x0224ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002250000 | 0x02250000 | 0x0234ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002350000 | 0x02350000 | 0x0238ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002390000 | 0x02390000 | 0x0248ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002490000 | 0x02490000 | 0x02882fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002890000 | 0x02890000 | 0x028cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000028d0000 | 0x028d0000 | 0x029cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000029d0000 | 0x029d0000 | 0x02a0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a10000 | 0x02a10000 | 0x02b0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b10000 | 0x02b10000 | 0x02b4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b50000 | 0x02b50000 | 0x02c4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c50000 | 0x02c50000 | 0x02c8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c90000 | 0x02c90000 | 0x02d8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d90000 | 0x02d90000 | 0x02dcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002dd0000 | 0x02dd0000 | 0x02ecffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ed0000 | 0x02ed0000 | 0x02fd0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002fe0000 | 0x02fe0000 | 0x0301ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003020000 | 0x03020000 | 0x0311ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003120000 | 0x03120000 | 0x03220fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003230000 | 0x03230000 | 0x0326ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003270000 | 0x03270000 | 0x0336ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003370000 | 0x03370000 | 0x03470fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003480000 | 0x03480000 | 0x034bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000034c0000 | 0x034c0000 | 0x035bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000035c0000 | 0x035c0000 | 0x036bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000036c0000 | 0x036c0000 | 0x037c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000037d0000 | 0x037d0000 | 0x0380ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003810000 | 0x03810000 | 0x0390ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003910000 | 0x03910000 | 0x0394ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003950000 | 0x03950000 | 0x03a4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003a50000 | 0x03a50000 | 0x03b50fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003b60000 | 0x03b60000 | 0x03c60fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003c70000 | 0x03c70000 | 0x03d70fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003d80000 | 0x03d80000 | 0x03e80fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003e90000 | 0x03e90000 | 0x0408ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004090000 | 0x04090000 | 0x040cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000040d0000 | 0x040d0000 | 0x041cffff | Private Memory | rw |
|
|
|
- |
| wow64cpu.dll | 0x74ff0000 | 0x74ff7fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x75000000 | 0x7505bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x75060000 | 0x7509efff | Memory Mapped File | rwx |
|
|
|
- |
| browcli.dll | 0x75410000 | 0x7541cfff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x75420000 | 0x75431fff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x75440000 | 0x75448fff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x75450000 | 0x7545afff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x75460000 | 0x7546efff | Memory Mapped File | rwx |
|
|
|
- |
| davhlpr.dll | 0x75470000 | 0x75477fff | Memory Mapped File | rwx |
|
|
|
- |
| davclnt.dll | 0x75480000 | 0x75496fff | Memory Mapped File | rwx |
|
|
|
- |
| ntlanman.dll | 0x754a0000 | 0x754b3fff | Memory Mapped File | rwx |
|
|
|
- |
| winsta.dll | 0x754c0000 | 0x754e8fff | Memory Mapped File | rwx |
|
|
|
- |
| drprov.dll | 0x754f0000 | 0x754f7fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x75600000 | 0x7560bfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75610000 | 0x7566ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75720000 | 0x757bffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757c0000 | 0x758cffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x758d0000 | 0x7596cfff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x75970000 | 0x75975fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x75a70000 | 0x75a79fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75ea0000 | 0x75f6bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75f80000 | 0x75fdffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75fe0000 | 0x7608bfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76090000 | 0x7617ffff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x761b0000 | 0x761c8fff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x761d0000 | 0x76226fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x76260000 | 0x762a5fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x766d0000 | 0x7675ffff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x768c0000 | 0x768f4fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x76900000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x775b0000 | 0x776affff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000776b0000 | 0x776b0000 | 0x777a9fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000777b0000 | 0x777b0000 | 0x778cefff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77ab0000 | 0x77c2ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef86000 | 0x7ef86000 | 0x7ef88fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef89000 | 0x7ef89000 | 0x7ef8bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef8c000 | 0x7ef8c000 | 0x7ef8efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef8f000 | 0x7ef8f000 | 0x7ef91fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef92000 | 0x7ef92000 | 0x7ef94fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe | 0xa60 | address = 0x400000, size = 1024 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe | 0xa60 | address = 0x40e000, size = 43008 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe | 0xa60 | address = 0x40b000, size = 10240 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe | 0xa60 | address = 0x401000, size = 40448 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe | 0xa60 | address = 0x7efde008, size = 4 |
|
1 | |
| Modify Control Flow | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe | 0xa60 | os_tid = 0xa70, address = 0x77ac01c4 |
|
1 |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe | 272.00 KB |
MD5:
a51357c529b915b24d18105d30c9dd91
SHA1: 77ab5f79590793bce0d3901b4a39ffccdec0e391 SHA256: 83870dd4c1c44775e9c3aa5d5bd4abce782cb07f3454de4a82bf24f26381d947 SSDeep: 3072:FiGqGhFIcZLkdFoB6CPYqivJUBe9hxWK+:NIMAsbLqJUBe9s |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.56 KB |
MD5:
4382030387e79a2b1515d612e2d7ce22
SHA1: 224f46db29fc68f0dec92288550f324cd85d0cd3 SHA256: e2cec532ac29404195b27bc1a5975b8b8610562ae2593d8cba4e6e06becee2c9 SSDeep: 48:pu35FwWSmmxvuBmkxFbL5K/CAk9jAlbV2IcIsWTVqmpTe1rA:pu35FrSSHxFb1Xj2bsI3jVqmGA |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btc@fros.cc].btc | 16.70 KB |
MD5:
6bedf01bdf5cd5890af04877dfa9e82a
SHA1: 1e6df99bb108348188253d9141416062cb9f3668 SHA256: a2994ff5719a42157a4dd1ee470e313fe852ad6e17435229fca9f41fc9c2f83d SSDeep: 384:4siVJGx5ZQBsQkYTG91MRTNPLzxd0JfpRxMFAYhYngH:18J65ZQBDjRTNDzgfpl3nY |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btc@fros.cc].btc | 10.00 MB |
MD5:
3d0e1f18676626331ffefafe53b18248
SHA1: 80d370bf723a4b00b769c1a7266d63de82280ab0 SHA256: 9ceac29cec7a9772266c3c6ed68bc7f25dcb38c12c388fe9f21e58890e9cf26f SSDeep: 196608:PFNUxdiOm1j3/abCsYwFOSQo2pWDOQs4hW6s63HS:qPmN3/abtYIQoROQ93RS |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btc@fros.cc].btc | 1.05 KB |
MD5:
1376d3a85f7117ce29016240cd40100e
SHA1: 6b819528fbc6472402b481f9b3d692e6cb2739fd SHA256: bb66ca13d575264d47b57b935b1c3c0ea9d0572d081d2b0cd882f27eeb109b1f SSDeep: 24:RlR2ov+G1FG2a1HsuODYRKfkN0epEC8A065exWS29SprD2:RlN+G3XqsiXN0eAV2Orq |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc | 2.04 KB |
MD5:
1955e83cf8562aaa33c7397141eaf0d9
SHA1: db5a6eafa354926f81fbbc4df6361b7a2fc27748 SHA256: f050c9f43cf76a4e70c3d4b3beb4b8ca15e343fe358ea7d0c61b2e17e8dfaaf4 SSDeep: 48:Fp8BkMV6y3t2N0z8UB18Ji6VUmVdQfkGa8l3swLjWArY:zUL6y3t2KBalVFtdeLCgY |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btc@fros.cc].btc | 3.16 MB |
MD5:
05716e079128ed480102496258311e18
SHA1: a2ce12a9c2510cd9e104374c730b16dd3d1c2e29 SHA256: 53a87e8b2b8050339c7bbd875fd45a3fc967077b386ac3fc88cbd06e566681a8 SSDeep: 49152:zDxL8QBoSTex4S120ytJySH18/ily78eNXpSbU4rDY:zR89r1aHm/UMXpSbUs8 |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 2.60 KB |
MD5:
bfc31abf07c6027925fc8ff4da236e1f
SHA1: 6162672da516db0743b087e4f7dff4d0c6fdd4ac SHA256: 77e4d2177f49fa71293093d10a7688f0110260c3a9db24fb6700c9f24fe4656b SSDeep: 48:J15kR8ef5+CaFPARF9HvtCJtcxx/PXUki7zbBFX2KlNkBmVWpFrY:f5kR8a5+9FENvt0E3XU9TzkBmVWjY |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btc@fros.cc].btc | 1.05 KB |
MD5:
0ef3cce40ac67114e72ee0370f8a1934
SHA1: fc2012d58fb3467b2855a94b01086b754ae40a30 SHA256: ded094138739f76ac56fd8e7fdf1d5cfc62d52d485702055fefeef92888e0fb0 SSDeep: 24:LS7bo0sRn33Y2WEPI/XoKFqdha7XyZ9M48RAMjEbsbdp+H82S2dhprD2:LS7bX2WEPMorUCZ9ZsjR2S2d7rq |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btc@fros.cc].btc | 1.66 KB |
MD5:
f8bf09cb94f1817ba7407c2500b26738
SHA1: 4717031829c9714b7553edec619a1829c41a0764 SHA256: d810340a82b39c2ec6d2b3bf3d0db948ff3e413e62a5deceae8602652f1e9039 SSDeep: 48:HsxC3aNVqxG/owMMeSk6XWADx9WxF0M4XSKoGVJBrY:HsQ30oxGQwMxSkFKYFx4CKo2PY |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btc@fros.cc].btc | 3.14 MB |
MD5:
2b5a87740a28674364918546a5524761
SHA1: 1ae40fa5f7efb3f5d474d99507d01bd0639c07e4 SHA256: bf58b425bcc8b2a4b5cc6b7f5a968f81f96a5cdc1b606df31f30d66cfef4da21 SSDeep: 49152:zDxL8QBo0Tex4S120ytJyCMaJGRE0GjZE:zR89t1KMQGRDGjZE |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 1.65 KB |
MD5:
b1cb50d2d9e44db385b3d07f43363337
SHA1: 8006bf38020eb1f03ece66f180dca30deb4fc34d SHA256: 61aae7209e30f10def6a6007ec58fc6f648b94d962c5d6108f0927b35e016a34 SSDeep: 48:VKTNCmgLg0GxZLNLnDaiTibr1nxlckMlrY:VKTQmQGpmiWlnxlzUY |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.81 KB |
MD5:
5e2d74e903279b0cca591f218ad47a66
SHA1: 7aebac22e6ee363628af5170f5e2bbdb0688a8de SHA256: 27770486696caf55c353aa2ebef25c332cfed18bb1ffef26f845afd9957a0bae SSDeep: 48:lIQp1+1sxcvy2I7OqEP8QMMrqanwP93qfU1cQCIVe7rW:WQTS0krM+q7P93wvQsW |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btc@fros.cc].btc | 65.85 KB |
MD5:
6928c18541c08a5e0c1a7914caa44293
SHA1: 85c1223071a9df6356d48f903b8893c6ee7d06d6 SHA256: 14e15c250a2b28d9fdbb79c250469d4344b53d0ca3300c02bbb6b23a626bbc8d SSDeep: 1536:eBhg0x1ElhcLtL3p+B2r/gWYHuyY7JcOAM8BU+Ikyk5Y:mhg0x0hcJL3pZ/IWcO41jY |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btc@fros.cc].btc | 1.05 KB |
MD5:
e1aa87bd32fec204a2c7635f1ef35571
SHA1: b283305f04a41c4a4887c4b642b0d941c9dab982 SHA256: 6779975e40ef4f0223c2033052fffcec25fb0e0b3d643bcc06297b6c64d082eb SSDeep: 24:NHILL4DEx9Fd88BRAyuTHYk/OMDv5TZTTLWS2BeprD2:NHIaGH8WR24k28fTB2BMrq |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.66 KB |
MD5:
284369515314d3791e3a254f20a9a7e8
SHA1: 3611e0732916f30ae26f98f91b924949509ba630 SHA256: 3dc8ee790b3f49d520bb11a53f1263e176c423a4cf5ad12a7200966b09a47c90 SSDeep: 24:3htUAXcrauU+88l/UVIYJ5JhMgpc0/fbhCQmFeKJ+bABa2KtehrD2:b3c+uUMl/UVIODhMgTYQmFVx6ehrq |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[btc@fros.cc].btc | 1.76 KB |
MD5:
daa56710979a8bfd7b5d5fe4f51c6ac3
SHA1: 04b0623fe9e95425e5e4e2825a30ebe64d2a18c2 SHA256: 369dee6479c440ee286235e5b83ffbca1812a32ce4fba59d3e9f76767ce8dadb SSDeep: 48:hsi1xK408hXE7WHP4XlNHdF7d9SMBgUCBM0q0xrC:cEXEiwHfzFglBM0qIC |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btc@fros.cc].btc | 10.00 MB |
MD5:
2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1: f50dbea0bf05e4a4f73abb265fef52fa43db4e07 SHA256: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 SSDeep: 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 2.18 KB |
MD5:
b7c5bc3b85d54e41306e091693db084c
SHA1: cc447d9d70eb398a204cf4d1192ff5e938d61016 SHA256: 70db1eec3c54c52809c59b422692165e5307957972931a83fd384b73c729f6b3 SSDeep: 48:/YT5WLvYb0z45SKWEFs8WtRsuDhtf8MhCJLeO8NPZTq09nU7NYrY:/YT5Wbr4LWsWtRztfjE1eO8NPJq084Y |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 30.60 KB |
MD5:
bbebe24d9f1463194f89717c032c580c
SHA1: 21a6a147fc9cea8aa4a1af6cae1d1bb3e73e4239 SHA256: 1d99ee999918dc87829a0507786c4b68b52fbaf14279e06af00ee7f70943a1b9 SSDeep: 768:+ta8m4QprbY8pD2aWYzQihoeTcKLVriZVMtQ66hCnmqZ:P8mbvrwwQVaJLeMO66hCmqZ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btc@fros.cc].btc | 1.03 KB |
MD5:
b98b44d4ba1e831ce24fce8ae7693393
SHA1: 0ab7eb6660cad30b4f91e60686b54f521f61a12b SHA256: 7916a30c8775d24d6836f61e318378f2bd5c70bcc21904e01a3e9c8a4af7dedb SSDeep: 24:RzRz6XEOf9fwWJb6D8YR+XFQdE+kSU593+SFySMpYoTd69BDbTI8ZRrDe:R16EubqVR+XFxSSydjd69Jbc8ZRrC |
|
|
| C:\BOOTSECT.BAK.id-9C354B42.[btc@fros.cc].btc | 8.25 KB |
MD5:
b53d9708d7c54707a438854f1158ec1d
SHA1: 270f69ac030d16f593bcb357ebb84676caf63a52 SHA256: 84a588f18d411277e57b186bf3dd5491e8438e635813d3d3c3f7e8ee26f8fc31 SSDeep: 96:JrsIZv1S5DYWRspmFeOA30N860EGql6Hl5LQjeF6l6r10yMbrDprfQy8Auzu8/lC:JnFWRskFAiQH8CF6lmXWrDprfQy8D5Y |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btc@fros.cc].btc | 582.61 KB |
MD5:
bc1affc3077741e2b2c7768549d6e9e9
SHA1: e8245cbd5748e58332df31cd448c6ac017927b46 SHA256: 7f150b6c6f727b11b46533a260fdb3d28fd44083f132fc9c77eb1f64c221f642 SSDeep: 12288:srHoHXl5PGDj1/WuiHrXTtMdvRnE55qxxG2mAnyCL:srHoHXlpGDjw3LjidvRnEA9mAyCL |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc | 2.47 KB |
MD5:
74a1707819347b4b912a8c436708385a
SHA1: a45224cd84f34b2fba2ebe1b8db95b6411920ed7 SHA256: 9bcc9198ae1b8a99caddd02d40a0d26a91ec516fcc78b28fc9f90133864abf23 SSDeep: 48:vwefbsRtgis1rVzU0xSrwxgfTNrT+REFNUTPo4nIrY:v7bFiMN1SrwCfTNX+qGPRnoY |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btc@fros.cc].btc | 2.13 KB |
MD5:
c10d94ca5552c64186abe37a9c846813
SHA1: d50444855ad5e0ccb5e88a8f7c09900f8e9366e1 SHA256: e3e70bc4055213312a6cb36d12b4866eab16b52aac96497cb5689892d4ed9e4b SSDeep: 48:jZIKZ1AWpfhg0RaLsAOGlHnS6RFCfM0kWxQ42Eru:9XZ1jFhrHIHnzXCfvThu |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[btc@fros.cc].btc | 848.75 KB |
MD5:
f78878b5c7abb3463a5f4baff84ced8b
SHA1: 5912b57c210926b80c50db6b7cd2d6a1b67814b4 SHA256: 4d58d316110a9492618bc53882d882751b3776a211858abbe40ee3177e78ede7 SSDeep: 24576:ztM+BeO4R1AFQ3XmSbrYglaOrHv3vAtBKo4UPkLFz1HuZZ:JMUD4TOQ3W0EgJvot49UPkvHun |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btc@fros.cc].btc | 860.74 KB |
MD5:
0de3c0263a5acb6f2e001a40b1372aaa
SHA1: cbcaed20a9b1b0b61cc8ff3a5e80bed47202f87b SHA256: c83c10dbfb354996edee5b3484372d485547f67cd8cb0371b48705a2206d46f9 SSDeep: 24576:lnzj7bZZpLbu8keff+2Up+l0zxZ84Rw9DLwfHJC:hHFy81Re+OxZ84RC |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btc@fros.cc].btc | 10.00 MB |
MD5:
052b4a3aaf24e1879297e0f1408c7662
SHA1: ccf2d2087988828f8117c27f1ec3ccaf4b5b926d SHA256: 6c23fd16b44e1eefdf52ac7ad99a1fc46a9b4b3e77c6643dd26d1ad79a2d1021 SSDeep: 196608:Vf1gRyjQR9g8YYIcjfXontQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:V1WbR9YY5AJGBZWGRz1kaza0h |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.60 KB |
MD5:
c582b09e4c0dfd63a9e0c041d40c743a
SHA1: 581a7b6695509500bdb0b73c0908161116928aa2 SHA256: e1831baf5d2c6f6f24f134a3736378a8424945a3b35a3775f4091ce91133ecbb SSDeep: 48:q0CZYEGEE9us7BtgOB5IkJ1dwxbb9c+o1e06rU:NCZYiE9us7x0kr+gOU |
|
|
| C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btc@fros.cc].btc | 0.37 KB |
MD5:
fb194179f98e420f5e1b52b74ee00319
SHA1: 5765d383bd66b7ecab4dd609ed9bbc8f757b9869 SHA256: 13c2267c59a124e4c33cc00bed5163269654e64b518cf0df89e5b2c875a68f49 SSDeep: 6:k6b0WqO1Rbsdd9yQLSytRxNCkwUX6WCMZx9GVWKGGeE4ckmWxUI8qlZDW0666:k6YtO3GyQekb7wDisVWKGjmI7DDW0g |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc | 4.42 KB |
MD5:
0e0ec8cf1c6b2529b2dd85a7c508b26c
SHA1: a60a506ab3fb0c2ffc8fcd6f62e9bb6684780e11 SHA256: dde7696748f5a25bd12160084f6d2f160c2e8b89946649019868bed2f559933a SSDeep: 96:uifNBhoU0FuuGkLxbekNTRAP40NfhY8FArCcRW:usoU2umxbekRRAjBhnFArCP |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 4.33 KB |
MD5:
7e5a98ccb757a8aff7d55b16136c1f25
SHA1: 3df5d8ba966d2620c7f9f8134b0eed9aabbdc961 SHA256: 9fbb3bd7483ca5c48997b505373ce227f9dc6b42c7e961097314e34d07745fd8 SSDeep: 96:Az/Z0Vij8Vdqj6fQLSIXKK0sdOQDypvfu9DgMrk9dc3sl7Z+CAa8C5dY:A628Vdc6fQLSmr1O0ypvfkT4c8FhAO0 |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 2.07 KB |
MD5:
1deaf94aab8530a86b45165073ecb2eb
SHA1: 50a563a9d44c820aab8a97b75c9a41c2c4827c9d SHA256: 08b8b10645e96433be79dcdc6e3f7ca1bbdcf09c4746f896c3d6d4ec825ad8b0 SSDeep: 48:gnWzNjCpChl6Jd9RZI7aJpKTCOZaeiJrPIpnrY:gnWz9CpCs/ZNKtZ1iV+rY |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btc@fros.cc].btc | 3.36 KB |
MD5:
1d873f9ae538b3a7fffd334860e1ff08
SHA1: 27e5a3a97397c9ed82751c8f7323969cfc65d427 SHA256: e6670033625ad933582f57e8900f31433b4206ddaf0d081a47af489a16865444 SSDeep: 96:aBP92ZcnPv6+5C15zF81AoajUA5/fnqCrqW:1Zc95CPdoajUWfnqI |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btc@fros.cc].btc | 3.15 MB |
MD5:
60a8f28a97fb7193beae43a4c39f23b5
SHA1: 9ba43d467f2de7cbb0c0c3ef20b0f2855ece79ee SHA256: f72b493ff8d7bb682100d19bf03224e711899368328939b0a0eb6aad8e2e5e2a SSDeep: 49152:zDxL8QBonTex4S120ytJy19O+scw5cYHOgvQt:zR89K1HOzeGO/t |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btc@fros.cc].btc | 10.00 MB |
MD5:
4fb6c079967f604d4b8cdf477caf6de0
SHA1: a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63 SHA256: 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f SSDeep: 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 2.80 KB |
MD5:
757c5c1dabe3ed008622f6cf22e2219d
SHA1: 9a1979947d8b66d54da87fae6f17a9cd879ba37a SHA256: 37e2c614e4c505d35fd5d3144dc2ca0553d5d7811a3b5ec1b44b8a225bd95c5b SSDeep: 48:/1RHrT5P2XBMFoLj375zds7TlTUlMrC1ZVz08hSmiPaFd345LmV27hIrY:/1tlPmBf375KJUlMrCJMxP094pmV27qY |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.66 KB |
MD5:
0fc473d7108183c453e741b01484b9c9
SHA1: f23d41da440f3b8db6c6e4fe39999ba0bc2512fe SHA256: c61b81f9001a8424a81aa2662fbc12b351814273da8b7ef0c4ccc8fde4247cb5 SSDeep: 24:S1EzoxLXLNod1e7GHYzfp8A8IvcK8N3H4ImhnovA0P1D+tJ7W0dHKV0l6eud7rDK:SaUNXLSigY6ZIEKSAN0PkJi0QG6eu9rW |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btc@fros.cc].btc | 10.00 MB |
MD5:
b12c82f2e008acd18dfaa08ecbc08326
SHA1: cd5eead38a520946883d8e14d2054cd447d25f04 SHA256: 5a84a262aa9237cdc2948ad9cde7dfb1e0db463c1d392607e356242ba87aadba SSDeep: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+Lh:MUvTiNhU4L7tZiTnprP0txRsLh |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btc@fros.cc].btc | 1.44 KB |
MD5:
467c168c391261a5bc38db00f7a031e1
SHA1: 072dba51327fd0b4d11e3b8821141a8b025043d3 SHA256: f0b0aa5812cc56e8bafaf4f5bcc9ec2f5546225c433862f45547acfbb521dda6 SSDeep: 24:xTfJn/taQ6xe0jRMpNGKSvkjYl4QvSWrYH9+tAwOcIQTDAkvtDchdwYmLIprDg:xTfp/dUjR24K6kG4ZdAA75QokvtDchB+ |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btc@fros.cc].btc | 3.14 MB |
MD5:
592dfb9af55fb800824c3331cdf64774
SHA1: 84311e14d1dcc14f78de4388b1b7d032a29e7767 SHA256: 6a378000939e3833ddd6861734bd75abf005842d94b000fa0cee49156b42a1de SSDeep: 49152:zDxL8QBo6Tex4S120ytJyNiwh0AVNjndWldyQf7bZhOYiq:zR89j1MwegNgoEppiq |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 5.97 KB |
MD5:
f6fbcae965455e40000e892f3bf777b0
SHA1: d203eef9e15b90f7acc99b0278782b2c71764dcc SHA256: a8218f02c4bd2fc15890092ca924ad699694f847c059dddd307f6e0d01052923 SSDeep: 96:yCR2BRVZxDq2sVyt13XHR12FUC+86AYEDKrT5cjoNSEf+S09kdDm3id819Nfp4jU:yzBB71XHWpoAc1cYfM9k9CSK9Nfp4rBG |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btc@fros.cc].btc | 9.51 KB |
MD5:
6f8b491ae847fc8ac823d8ed1e8e5b6b
SHA1: 3f1965dc1488f9c02b2af720837250a736c97aa4 SHA256: 50ef25bf354ba10da365a4e015a5b1572ad637dd01710eef914078b286b6a52b SSDeep: 192:R6C7SVEqKxbUhK2XwdgaEEvToUvRSvFA2g5NYvexEXnT:IGSVccF1aEnjyVYegT |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc | 1.65 KB |
MD5:
eff9bc7f64e650f877ecd0871172ed4e
SHA1: c285e1a1ee31c26cc9acea18c6df8fb8d4a89efb SHA256: 4acc37cd1ae749a7cbf72c4d926c517bbcf5fb72d041c557353832bcf6827aa0 SSDeep: 48:25ZE/PZpwhwG4n2ZHj0JEIKoe/DyYbEIgrY:2LE/hpewMHAJioe/DXA7Y |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btc@fros.cc].btc | 1.27 KB |
MD5:
f5afc2b54fc64cec5fe0790ff24d0c8c
SHA1: d10f203b570e9e7f695d01d0f90c9156f1874fa6 SHA256: 0f95040cadd8ff76a3ae9a93f4fc9d823f9ba6027bb767737139f6a5d1990c11 SSDeep: 24:6ALXiPVniCIWrB0patB2lzUskhE+RWqg7H59IdcT8OCL17rDa:6AALnd2loskhMqogBOCB7rG |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btc@fros.cc].btc | 865.24 KB |
MD5:
367273daad738c69751da9441d8892a7
SHA1: ca308dd6cd9c2a328bf141beb5dc149c7529297c SHA256: 062ec44ff79a5884f13915389ea4a9925cfb6098ba7d9bacfab32ac8fa7e5478 SSDeep: 24576:Ozmskn/gHA/P3jIayYUYm0NRttXnbeOa+A9551zVKQ1rNuMfZHPOL/l8DB:OzZY/Y4vb7NRttXnbkL55m2NTxmDlYB |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btc@fros.cc].btc | 10.00 MB |
MD5:
6b078cbccbab0d5edeaa1d85f11ba58a
SHA1: 66820f091ea72f244d2d2019748cbda0b7b9702d SHA256: 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 SSDeep: 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btc@fros.cc].btc | 3.48 MB |
MD5:
bc93fa6a468de8e883978f3ce56563eb
SHA1: a78525c53a5accda03119f9c3bd98254b80ff5ed SHA256: 5faebe79bb251145ab9eb009c3749a75601ee6a2ed5303eb4c52c768d4fae011 SSDeep: 49152:fHYLL/WoWLljb1R6rOSN20yRJ6jAIkbVzEbvYL1so:fqLVW6v/PkbVzETYph |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.14 KB |
MD5:
5bf8604429f6ebea9f98faf4cb383c45
SHA1: 2753fd6e087420ad43b1f2256cf031c593716b2f SHA256: 7f724455448a6e62b407d0004b6f600096b27a271b06e2fd9187ca76f4f88ee6 SSDeep: 24:ZYter8NbF6DJ+DnFJabL5geEPmEHAD+oz70cTROGTpTaegrD0:ZSFeJUFJab1g7PmbvtkHegrA |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 2.54 KB |
MD5:
01d7073efbe8fa8b0bafbce26e52f2e9
SHA1: 76b4a0315635b09ff428cd45082f0423a0a1bfd4 SHA256: 3f413ca66fa11c58304f73821c9caf6f4af0b26eb2afb1499abef528165ddc1c SSDeep: 48:p9GGiRVeWerkVSWvZlrpn7EqINDJS+MOBYV5+FQYT25v1rqw+izXrCMOGq8arY:WQrkSWxl9nAq4S+MOBG5+h25jXrTuY |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btc@fros.cc].btc | 26.79 KB |
MD5:
eab1bf584975074334f237349ac441e3
SHA1: 643ff92047e83aee0ba8b25471fef9f029439a10 SHA256: 2d945daf4b8c842ac5854031a38bdb1e3780514ba8b4eec1e89570043d6ddd39 SSDeep: 768:Em1J9FAsQxLoONDswpNzwWefBWtKp6qEh:39lQZXY5WmEh |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.66 KB |
MD5:
eaa11e005d971ce8ccc9898ce887d145
SHA1: 905a22a7cddd7eed971dc8dfd63e38024460d625 SHA256: 7f2061f56f2e1e1ce6e8a2d57653473ca02ffdd8d95138461865c21033ced158 SSDeep: 48:VSN2tXc6mCbMsGq+3htx8jIpqtPu8muteQro:8N2tBBosOmIpqt9Jo |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btc@fros.cc].btc | 10.00 MB |
MD5:
42ac6eff5aa1dad153cb32ec3d616e43
SHA1: 8d8693b1d4aa27f2f48345e6f2e760c5f205d163 SHA256: b8984acb419b90aab0f7fd9addaa90b10847e75aeaabfde74fc133085adf3455 SSDeep: 196608:Yu6eDsIwHBL4B9lCzT2bOgcDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:WqsIwHNB26gVE7e/7JNMM5RTU+ |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btc@fros.cc].btc | 2.35 MB |
MD5:
5a4069ee8557bf0f2596e5b3576230b3
SHA1: 68925ebb4d771a51aeefff56ffd3f0711510930f SHA256: a0b0aef1e25a5cc8650ed96708a409cd74c2930ca4a4fa71f442c1740421b4ea SSDeep: 49152:R0opH/cgHa3HRxz+4gF8ArWJLJPJmmYKy:R0op1Har+kiWJVPU6y |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 2.04 KB |
MD5:
1a96d49553171f81c588db5dbc9e3c38
SHA1: c11aaadef136fdf517d3be3a812c9eb3b37147bb SHA256: 521363cb9742a7991acf0ca39e2a5bb5f9299425448d7c57fc2e30958e86cd1a SSDeep: 48:35b/1sA0T2VkiwEH6dDVXekl2DPj8QXSSkorY:N1sA0T2JwEKVXehDhRkIY |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btc@fros.cc].btc | 855.24 KB |
MD5:
bd3d1387e7642b0672836d7fbdb0c713
SHA1: d788dcd2dc22e73af805762a326bc5e934dfa566 SHA256: 82c488410730adde0104b8dc6255418349c49dfce31a91d31a246854145bef03 SSDeep: 24576:NkCYS0bYJiQM42GlBAYw4wVs5gHfCig4ZkFe:qSnR1jAYfTGqiDKFe |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btc@fros.cc].btc | 582.61 KB |
MD5:
40805820bd21fe9cf0ea8618b09a7ccd
SHA1: fc2a0788d0892b343f78e03df4117794a0597cf1 SHA256: 31642a04216f4dc3ef727ee402e8afdad9fd50c292920a3578b3f48f49b78db9 SSDeep: 12288:isRnGPYL35rtwCiWQMfiRZ0yK/h8AT4K0CO2iXdngDlXVuyCHGTp:iOnGAL3nwgiVYh9T4Kg2iSxXVufmTp |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[btc@fros.cc].btc | 1.27 KB |
MD5:
737affa03b43aaa51fd2f96724e464d1
SHA1: 6b6736b7e4afb3e01e0155104eaa837536c4c7e4 SHA256: 1412f1376b5c0f03acf76cd81716a4b56c65d3767fd1957d6d3e0fdc16bd876b SSDeep: 24:acx7/kudiiImCcHS+sbFUQ159BTWm3Cg+tpUwej87OLRaob6QfoK2YrDa:F1/J5tHS+GPBTj3Cljnn7OLRTAmrG |
|
|
| C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btc@fros.cc].btc | 64.25 KB |
MD5:
9df8a5cf5cd8e3dc8c3fc575924c585e
SHA1: e0730edbca629f26542f555f66db3214ff8bfc47 SHA256: 7fc90603948e13df684ba09b2539377766c0af1b5afdf2fe0658093118e77de8 SSDeep: 1536:j1voGDTiZegsyezZzJewheHXDzcLeuBY0knzqNT7Npmnxc9e:jF9D+ZJsb9F7PjIzupGH |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[btc@fros.cc].btc | 1.56 KB |
MD5:
526315f859a6345a3158ae8cf07814f8
SHA1: 83c5ce969f4dffd36cafbdb6f4b968202c2b0fc7 SHA256: df8fa3b2ea1b8f943a773cf76d47fb612212566cad4128a28c79962b963f1357 SSDeep: 48:SuyHZ6DR/ZrseljYFaYR0W/HE0FA45cSRwuMrA:SuyHEDXLljYFPX/HfFA45cv3A |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.99 KB |
MD5:
8c44afa3984b669d7ea2d394f05c093a
SHA1: fa849b212c1798e0ae81622a112f7576e9ce5133 SHA256: bd783296c3e863f1cb3e1f742e8ca797167587af7b1a7d0991cb1c7cee328ebe SSDeep: 48:m1RDVkeAS/B1k4w1nUy96VCZmmad8XVfdB8eGrs:mb5fAS/U4w1nUJVCjaGXV1Bas |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc | 4.42 KB |
MD5:
ab95576902479062d19169ed78d4bc1e
SHA1: 08bf0b82c11f7320029d2df9eeb1ba27dc44cee8 SHA256: cda98a563d338a81e3ef6a444296e2bc4041df7811db0c93e0287699914b007e SSDeep: 96:uGnRFSygVeaXs70jLvqnMrCrIfnlEB4lBESP/DgR73RW:uQaygoaX9wrsnlEB4jECrYk |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.76 KB |
MD5:
15f99d54228d3a3c6552f788d7bcfa1f
SHA1: 309ee25dffefb31b752a57ad824b775cd7aa49b0 SHA256: 238d1a1d763a6c1258c87e54f47a83ce3c64d5301b39e2524a1f778487d031d5 SSDeep: 48:kSm0FAw8o6nkrdx5TQMva+KW1PleqHXenurC:k90FAPokivTPyI0qHfC |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btc@fros.cc].btc | 853.75 KB |
MD5:
042b460c602283556f693e7d8ba64027
SHA1: 49a6daf99da8bd6e9de1f74fed01d687c92eff42 SHA256: f3ce488092c5fd3c24ba56f79384755a55de5120e85ee3f1664801820211aa7d SSDeep: 24576:v7TdWdJd24z993bL3++XnUFk+AByNyyenXfn/ene:vIdHD++XUFfyjX/mne |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc | 2.80 KB |
MD5:
6851a33f2613787f25d88553ba059f96
SHA1: 00a12f101c417608ce5c306be5cb1d7d366850f6 SHA256: e406aa53e65745af8725507c02bb0e0983fd4e86f0e56f7f52db9fa4c2587ae1 SSDeep: 48:6yqfK9JhnDojWH2VOq7Mtaj8+qGKbOgJzziSyOf/Kfik4ziaV2rY:RqiJojWH2VP7MJGKbt4QQik4eaVSY |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btc@fros.cc].btc | 1.66 KB |
MD5:
da234924561004bd96527fb1286210d6
SHA1: 965b4047cb96202dd8bd8bac8da002e339599162 SHA256: c9497195e797b4cc924cf03fc5b4fdcdee678a1cd6dcfa07fa2b23357df0a88d SSDeep: 48:qV/KM6yKFyXXLkFqS0OcXgn588bJ3v0YZrY:qV/uirSCg5Y |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 9.37 KB |
MD5:
67bf177e58e81bef296c8f1fbc83bcc0
SHA1: 7b82ba9180a5522270416552533c092ed2a24d5b SHA256: 0c87088ed24afde4680395675d2f1af671a5e0a7a32bade2e8208f0d720224b0 SSDeep: 192:3Sns3xYd+D2By5CLvusP9GvdDPqJXaOG+rRzATe+mC6:3wkr5qvTWWJKR+JATr96 |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btc@fros.cc].btc | 8.76 KB |
MD5:
549e9a2c1951da1446d243ac2bab1a80
SHA1: bd1d927c94f659097da268af35d6379ec768c37e SHA256: 67b078a861dee1e68eda82a59ae62b7798c9c2af76acd89e88de9db3bec32c64 SSDeep: 192:fvNQq9gSX7g1+VV0ji/rCQ3fZEC0Jg1MZACavAjvVpaAolo4:fFQahLp0u2QyC0Jg2u74jvVUAolo4 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[btc@fros.cc].btc | 1.88 KB |
MD5:
551b352b22e5dcf2dc2a9a79f4740d32
SHA1: 0cd7406a8b417f8640939823f0383dcf97cdd3a4 SHA256: cd16686379ff75205757570949a48e9e0adf82a2df450808b5db126755e31842 SSDeep: 24:yz0IATVMN8JR77rfLZu3KmsiHwmi4HFbfHRJ411dVe50cjiJ67HcS+DkQrDa:O0IfN4rfLZUKl5qlzHRw1Lerh3+DkQrG |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 20.33 KB |
MD5:
b720259ce00e042b6c80d42401ae86d3
SHA1: fd5bc71f579eaf729ea5eede2321de66f491c21e SHA256: 3370b5be9ae8a58223abef6f7ed91f680def3f476591bf0478a02eba694a9899 SSDeep: 384:ZOz8NAlPlWcddtyMDAxsGgxPme5PErJXi3Av6+vrAw17Srh304R4RWd3:2BRMcdvTRGmm0srJ4AiGRcl5N |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 2.07 KB |
MD5:
24cfe0180b3623b8c440fd14ae1a4476
SHA1: bf49e73ad265e30cd4b13cc6dfec7c82bfae2511 SHA256: 0b2ec7fa8a0e857eb3b10f5821be1a6fef701a35fa4448273ce945a6ed4aa0b7 SSDeep: 48:7cGcysewIN/loZfNgDy5e4hVq/FrjwZFRquOKVGM+WkrY:7cGBZSZfNZ5pkpGsubcY |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btc@fros.cc].btc | 1.44 KB |
MD5:
98448cea542eeafc310431ef040c239f
SHA1: 98a2def9f16e57899fe3c7c2cc0f04d7e241a4c3 SHA256: ede75a938a838d14003f3648f9e998f01f7f64be628a322876e88cd0e47c5299 SSDeep: 24:hJHLjKC804crXws3axjwAbU6H71T4DdTWHpfAOwhLikKamTYk1w/2PSWxZZnuyey:u04c8sapH7p4DdaHpfAOwhxmskSe1pug |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[btc@fros.cc].btc | 1.14 KB |
MD5:
9ad92651ba456bcec196c2e6dd05ded9
SHA1: d5b7acd4990c7914cadf2ae20a0ad58019c2050f SHA256: 41c1f88302d8cb0262d20139dfe77ed5181a52bfd2a4f8ec0e918680789ec4d9 SSDeep: 24:3ZapcEu9U2hz9QUsyTT4ocU3wFbq0KKsx8EPsIRHo+AALECrD0:JapcEcUEVsBo/wRqpKLkNRHorCrA |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btc@fros.cc].btc | 6.51 KB |
MD5:
bb99cb0e2fed8edc5e99cd0ceb57e88c
SHA1: b386a00aa3b9b775b7e2a621e2fe96c96314f525 SHA256: 25747f9ba3e07605e083b7dfb0bda6229c108ffa86219de22c8b0c7cd4da6b21 SSDeep: 192:OMm3bIR62tLtltEy+g04NAtpC6EeJQDb46:OlbAvn/Qg0vb12v |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc | 4.42 KB |
MD5:
c100de8840bad17fbde59f1ed1f71781
SHA1: d4048a7b943aa760abafb8f7af8d56245a95a421 SHA256: f2fcab4ed5858f5d0d75e1d86ad5af171be7d1c0a8bf71209841f3913efd2a11 SSDeep: 96:FDwQuEvLV+k9QvfH+rrPTRS9UEAZ8/FL+lokjDIWoB0KPRCoYeJZW:FsQPkk9YfHwPtVEAZ8/F+XDAB5J7Ye6 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btc@fros.cc].btc | 14.94 KB |
MD5:
fe2a09f174b87bdf630de980cb9da67f
SHA1: 3b7e2fd009f713c80d39adb674b969e9af573025 SHA256: 893ea4e0abeee418f99a39f019f0c7f2c520c94f48b7bb381d8fd0849e391bd8 SSDeep: 384:KRc4BbZ4P57/LCni1sz/Hmao+CHUStsvBPTdZtpDOQea5:54tZi57Z+S+CHKBLd3pDka5 |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 2.47 KB |
MD5:
454821ca3e43c9783e052ac25cb54a2b
SHA1: 2f6874860cab2367d4c12dd6acae0aa5d7cd91c2 SHA256: d9385ec41d84268cbd866ef17350bb72147684fd4332f88c45139c91f94158de SSDeep: 48:GWwVipP/YMLpscx++HQXvgvnEp0wNfhif67Zq8TrY:SoHjacx++HQiEp06fhif67c8fY |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 16.52 KB |
MD5:
2ebd106a6cd1260e09ed3c32c9d1c052
SHA1: 86ed0fc7d5bd80d71e6f9a56c350ab52a61103d7 SHA256: a9b09c4d536ddc7416ecb37f89c14510237f9666447ae5d45acf1a892402455a SSDeep: 384:kCebmlZiEfXHvR5T7BmexCXP2NihNzkLy9vLVcyxmpX9cjUXu:W4HnR5fBfxW6ihNOyZFmh9eUe |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 6.33 KB |
MD5:
925bbdf58f4c42ce17de89302926d04b
SHA1: a127285a0a43c0be30a24d1f4c7ea7373cc8c3e7 SHA256: 3db9888ba4a020bbea97fef50224a280170fb165c7961b826b264f28aa63f836 SSDeep: 192:CbLOuTvvved9uH69577bp3xWEa6kLujIy6ICI7:CPOuTXvey+xBWz3LuEy6ICI7 |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btc@fros.cc].btc | 10.00 MB |
MD5:
0132354deb06c352353675fce278a129
SHA1: 82f447263c0d4d83d398af15034413083edcbc35 SHA256: 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btc@fros.cc].btc | 1.55 KB |
MD5:
3b4226c2f0a31888d750c3bd5b8aea31
SHA1: 6f8fdf226927ffb69fb113ba3541c78546418324 SHA256: 35c569a91cff83312c1805cef7f00af40806506db77e6033ae9b28db9767daac SSDeep: 24:mqeox0ifk11P1i0ycYplgdwJtUyPbL7nUiTqz1gGzQizeyPfChhnymibHDoHo5hv:mqeox/M119i0Bnw7dznLGcK43wBM1rY |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btc@fros.cc].btc | 5.67 KB |
MD5:
4002b453a8ec4c63e29ae850e76b75d1
SHA1: 954de66867bae63c534b943f6b5f504bfb5193e9 SHA256: 94a27d94de68660f7b5d22a4d17f2f685c3efb76c2370f8c61a179e44e760ade SSDeep: 96:IOJYuH2Nqtln3QErgDKqsx3tAHZ7BvmCIcnl8g5cetb/zk5Gt49VajGlbA:IOJYuH7lnLlx34NpmOn+gXp/45b76 |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc | 1.80 KB |
MD5:
ecb1b95bc6f63d33a6a1fa7256e5ef0e
SHA1: 40965f44c3e535674f7fd7f8860a58280a40b9a2 SHA256: 934dd38c7234d765046e655ae087525e45b6bce51219c117bb3c12a2e313d488 SSDeep: 48:ozCQz3iwBveiqoEIZCGV0GlXFgstqlUmhJ7TXI26KhpAAWrY:ozCQz3i6Xv5gsgl7J7TYT4dyY |
|
|
Threads
Thread 0xa70
160
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x757d1222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x757d34b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x757d54ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x757d4442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x757e9af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x757d59e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x757d4950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x757d1b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x757d7a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x757d5223 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x757ddd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameA, address_out = 0x757eb6e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x757d424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x757d1700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x757d5a4b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x757d1809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x757d1136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x757d5371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x757d110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x757d89b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x757d170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x757d1916 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x757d10ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77ad2270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x757d3ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x757d3f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x757d5151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77ad22b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x757d4220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x757ed5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x757d3e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77ae45f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x757d111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x757d1410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x757d4467 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x757d34d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x757d4173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x757d1725 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceFrequency, address_out = 0x757d41f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x757d11f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x757ed4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x757ec860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x757d1282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x757ec807 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x757ece2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x757d4435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x757d14e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77af1f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77ade026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x757d14c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address_out = 0x7585415b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleInformation, address_out = 0x757e195c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x757d103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x757d3bca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x757d3c5a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x757d1986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x757ed802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x757d5a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x757d5a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x757d11c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x757f735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x757f896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x757f8baf |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x75720000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7573468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x757346ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x757314d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7573469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x75734304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7573431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x7572ca64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x7572ca4c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x7573369c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x75747144 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x75732a86 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumDependentServicesW, address_out = 0x75721e3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumServicesStatusExW, address_out = 0x7572b466 |
|
1 | |
| Module | Load | module_name = user32.dll, base_address = 0x775b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x775c90d3 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x76900000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x76921e46 |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x77ab0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77acfda0 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x75420000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x75422dd6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x75422f06 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x75423058 |
|
1 | |
| Module | Load | module_name = ws2_32.dll, base_address = 0x768c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = WSAStartup, address_out = 0x768c3ab2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = socket, address_out = 0x768c3eb8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = send, address_out = 0x768c6f01 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = recv, address_out = 0x768c6b0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = connect, address_out = 0x768c6bdd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = closesocket, address_out = 0x768c3918 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = gethostbyname, address_out = 0x768d7673 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = inet_addr, address_out = 0x768c311b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = ntohl, address_out = 0x768c2d57 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htonl, address_out = 0x768c2d57 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htons, address_out = 0x768c2d8b |
|
1 | |
| System | Get Time | type = Ticks, time = 143708 |
|
3 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_74DX46A, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\syncronize_74DX46A |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_74DX46U, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\syncronize_74DX46U |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 32767 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Windows\System32\WscParent.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 1048576, size_out = 278528 |
|
1 | |
| File | Write | filename = C:\Windows\System32\WscParent.exe, size = 278528 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, value_name = WscParent.exe, data = C:\Windows\System32\WscParent.exe, size = 66, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 83, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WscParent.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 1048576, size_out = 278528 |
|
1 | |
| File | Write | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WscParent.exe, size = 278528 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WscParent.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 1048576, size_out = 278528 |
|
1 | |
| File | Write | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WscParent.exe, size = 278528 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0xa78, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 65 |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\WscParent.exe, size = 32767 |
|
2 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0xa80
64
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 |
Thread 0xa88
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Computer Name | result_out = XDUWTFONO |
|
1 |
Thread 0xa8c
69
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 145018 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Get Time | type = Ticks, time = 145143 |
|
1 | |
| System | Get Time | type = Ticks, time = 145252 |
|
1 | |
| System | Get Time | type = Ticks, time = 145361 |
|
1 | |
| System | Get Time | type = Ticks, time = 145470 |
|
1 | |
| System | Get Time | type = Ticks, time = 145580 |
|
1 | |
| System | Get Time | type = Ticks, time = 145782 |
|
1 | |
| System | Get Time | type = Ticks, time = 146001 |
|
1 | |
| System | Get Time | type = Ticks, time = 146453 |
|
2 | |
| System | Get Time | type = Ticks, time = 146562 |
|
1 | |
| System | Get Time | type = Ticks, time = 146952 |
|
1 | |
| System | Get Time | type = Ticks, time = 147108 |
|
1 | |
| System | Get Time | type = Ticks, time = 147374 |
|
1 | |
| System | Get Time | type = Ticks, time = 147732 |
|
2 | |
| System | Get Time | type = Ticks, time = 147998 |
|
1 | |
| System | Get Time | type = Ticks, time = 148154 |
|
1 | |
| System | Get Time | type = Ticks, time = 148263 |
|
1 | |
| System | Get Time | type = Ticks, time = 148388 |
|
1 | |
| System | Get Time | type = Ticks, time = 148497 |
|
1 | |
| System | Get Time | type = Ticks, time = 148606 |
|
1 | |
| System | Get Time | type = Ticks, time = 148809 |
|
2 | |
| System | Get Time | type = Ticks, time = 149152 |
|
1 | |
| System | Get Time | type = Ticks, time = 149292 |
|
1 | |
| System | Get Time | type = Ticks, time = 149589 |
|
1 | |
| System | Get Time | type = Ticks, time = 149807 |
|
1 | |
| System | Get Time | type = Ticks, time = 149916 |
|
2 | |
| System | Get Time | type = Ticks, time = 150026 |
|
1 | |
| System | Get Time | type = Ticks, time = 150135 |
|
1 | |
| System | Get Time | type = Ticks, time = 150244 |
|
1 | |
| System | Get Time | type = Ticks, time = 150353 |
|
1 | |
| System | Get Time | type = Ticks, time = 150462 |
|
1 | |
| System | Get Time | type = Ticks, time = 150587 |
|
1 | |
| System | Get Time | type = Ticks, time = 150696 |
|
1 | |
| System | Get Time | type = Ticks, time = 150962 |
|
2 | |
| System | Get Time | type = Ticks, time = 151242 |
|
1 | |
| System | Get Time | type = Ticks, time = 151523 |
|
1 | |
| System | Get Time | type = Ticks, time = 151632 |
|
1 | |
| System | Get Time | type = Ticks, time = 151742 |
|
1 | |
| System | Get Time | type = Ticks, time = 151851 |
|
1 | |
| System | Get Time | type = Ticks, time = 151960 |
|
1 | |
| System | Get Time | type = Ticks, time = 152069 |
|
2 | |
| System | Get Time | type = Ticks, time = 152256 |
|
1 | |
| System | Get Time | type = Ticks, time = 152459 |
|
1 | |
| System | Get Time | type = Ticks, time = 152584 |
|
1 | |
| System | Get Time | type = Ticks, time = 152693 |
|
1 | |
| System | Get Time | type = Ticks, time = 152802 |
|
1 | |
| System | Get Time | type = Ticks, time = 152912 |
|
1 | |
| System | Get Time | type = Ticks, time = 153021 |
|
1 | |
| System | Get Time | type = Ticks, time = 153130 |
|
2 | |
| System | Get Time | type = Ticks, time = 153364 |
|
1 | |
| System | Get Time | type = Ticks, time = 153473 |
|
1 | |
| System | Get Time | type = Ticks, time = 153582 |
|
1 | |
| System | Get Time | type = Ticks, time = 153754 |
|
1 | |
| System | Get Time | type = Ticks, time = 153863 |
|
1 | |
| System | Get Time | type = Ticks, time = 153972 |
|
1 | |
| System | Get Time | type = Ticks, time = 154082 |
|
1 | |
| System | Get Time | type = Ticks, time = 154191 |
|
2 | |
| System | Get Time | type = Ticks, time = 154300 |
|
1 | |
| System | Get Time | type = Ticks, time = 154487 |
|
1 |
Thread 0xaa0
306
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = size, size_out = 129 |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, size = 1048560, size_out = 129 |
|
1 | |
| File | Write | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btc@fros.cc].btc, size = 144 |
|
1 | |
| File | Read | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btc@fros.cc].btc, size = 234 |
|
1 | |
| File | Delete | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1886 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1886 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 1888 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, type = size, size_out = 1450 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, size = 1048560, size_out = 1450 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1456 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 244 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1608 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1608 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 1616 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, type = size, size_out = 3186 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, size = 1048560, size_out = 3186 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 3200 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 4207 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 4207 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 4208 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2424 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 2424 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 2432 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 6241 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 6241 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 6256 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, type = size, size_out = 1606 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, size = 1048560, size_out = 1606 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1616 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1872 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1872 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, size = 1888 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1452 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 1456 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, size = 1048560, size_out = 819 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btc@fros.cc].btc, size = 832 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btc@fros.cc].btc, size = 244 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, size = 1048560, size_out = 819 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btc@fros.cc].btc, size = 832 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btc@fros.cc].btc, size = 244 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2624 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 2624 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 2640 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 4274 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, size = 4288 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, type = size, size_out = 16852 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, size = 1048560, size_out = 16852 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btc@fros.cc].btc, size = 16864 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btc@fros.cc].btc, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 4274 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, size = 4288 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, type = size, size_out = 1682 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, size = 1048560, size_out = 1682 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, size = 1696 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml, type = size, size_out = 212 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml, type = size, size_out = 392 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat, type = size, size_out = 247 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, type = size, size_out = 3053984 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM, type = size, size_out = 1941 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM, size = 1048560, size_out = 1941 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btc@fros.cc].btc, size = 1952 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btc@fros.cc].btc, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, type = size, size_out = 2296 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, size = 1048560, size_out = 2296 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 2304 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, type = size, size_out = 596341 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, size = 1048560, size_out = 596341 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btc@fros.cc].btc, size = 596352 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, type = size, size_out = 37689 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, size = 1048560, size_out = 37689 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btc@fros.cc].btc, size = 37696 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, type = size, size_out = 2362 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, size = 1048560, size_out = 2362 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 2368 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, type = size, size_out = 1606 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, size = 1048560 |
|
1 |
Thread 0xaa4
65
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 145470 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Get Time | type = Ticks, time = 145689 |
|
1 | |
| System | Get Time | type = Ticks, time = 145923 |
|
1 | |
| System | Get Time | type = Ticks, time = 146282 |
|
1 | |
| System | Get Time | type = Ticks, time = 146500 |
|
2 | |
| System | Get Time | type = Ticks, time = 146609 |
|
1 | |
| System | Get Time | type = Ticks, time = 146952 |
|
1 | |
| System | Get Time | type = Ticks, time = 147108 |
|
1 | |
| System | Get Time | type = Ticks, time = 147374 |
|
1 | |
| System | Get Time | type = Ticks, time = 147732 |
|
2 | |
| System | Get Time | type = Ticks, time = 147998 |
|
1 | |
| System | Get Time | type = Ticks, time = 148154 |
|
1 | |
| System | Get Time | type = Ticks, time = 148263 |
|
1 | |
| System | Get Time | type = Ticks, time = 148388 |
|
1 | |
| System | Get Time | type = Ticks, time = 148497 |
|
1 | |
| System | Get Time | type = Ticks, time = 148606 |
|
1 | |
| System | Get Time | type = Ticks, time = 148809 |
|
2 | |
| System | Get Time | type = Ticks, time = 149152 |
|
1 | |
| System | Get Time | type = Ticks, time = 149292 |
|
1 | |
| System | Get Time | type = Ticks, time = 149589 |
|
1 | |
| System | Get Time | type = Ticks, time = 149807 |
|
1 | |
| System | Get Time | type = Ticks, time = 149916 |
|
2 | |
| System | Get Time | type = Ticks, time = 150026 |
|
1 | |
| System | Get Time | type = Ticks, time = 150135 |
|
1 | |
| System | Get Time | type = Ticks, time = 150244 |
|
1 | |
| System | Get Time | type = Ticks, time = 150353 |
|
1 | |
| System | Get Time | type = Ticks, time = 150462 |
|
1 | |
| System | Get Time | type = Ticks, time = 150587 |
|
1 | |
| System | Get Time | type = Ticks, time = 150696 |
|
1 | |
| System | Get Time | type = Ticks, time = 150977 |
|
2 | |
| System | Get Time | type = Ticks, time = 151242 |
|
1 | |
| System | Get Time | type = Ticks, time = 151523 |
|
1 | |
| System | Get Time | type = Ticks, time = 151632 |
|
1 | |
| System | Get Time | type = Ticks, time = 151742 |
|
1 | |
| System | Get Time | type = Ticks, time = 151851 |
|
1 | |
| System | Get Time | type = Ticks, time = 151960 |
|
1 | |
| System | Get Time | type = Ticks, time = 152069 |
|
2 | |
| System | Get Time | type = Ticks, time = 152256 |
|
1 | |
| System | Get Time | type = Ticks, time = 152459 |
|
1 | |
| System | Get Time | type = Ticks, time = 152600 |
|
1 | |
| System | Get Time | type = Ticks, time = 152709 |
|
1 | |
| System | Get Time | type = Ticks, time = 152834 |
|
1 | |
| System | Get Time | type = Ticks, time = 152943 |
|
1 | |
| System | Get Time | type = Ticks, time = 153052 |
|
1 | |
| System | Get Time | type = Ticks, time = 153161 |
|
2 | |
| System | Get Time | type = Ticks, time = 153364 |
|
1 | |
| System | Get Time | type = Ticks, time = 153473 |
|
1 | |
| System | Get Time | type = Ticks, time = 153582 |
|
1 | |
| System | Get Time | type = Ticks, time = 153754 |
|
1 | |
| System | Get Time | type = Ticks, time = 153863 |
|
1 | |
| System | Get Time | type = Ticks, time = 153972 |
|
1 | |
| System | Get Time | type = Ticks, time = 154082 |
|
1 | |
| System | Get Time | type = Ticks, time = 154191 |
|
2 | |
| System | Get Time | type = Ticks, time = 154300 |
|
1 | |
| System | Get Time | type = Ticks, time = 154487 |
|
1 |
Thread 0xaa8
284
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 1048560, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btc@fros.cc].btc, size = 65552 |
|
1 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\Boot\BOOTSTAT.DAT |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = size, size_out = 8192 |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 1048560, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK.id-9C354B42.[btc@fros.cc].btc, size = 8208 |
|
1 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\BOOTSECT.BAK |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, type = size, size_out = 1565 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, size = 1048560, size_out = 1565 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1568 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2296 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 2296 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 2304 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, type = size, size_out = 1450 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, size = 1048560, size_out = 1450 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1456 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 246 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, type = size, size_out = 1383 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, size = 1048560, size_out = 1383 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1392 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 242 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2362 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 2362 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 2368 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, type = size, size_out = 1231 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, size = 1048560, size_out = 1231 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1232 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 242 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1852 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1852 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 1856 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, type = size, size_out = 9503 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, size = 1048560, size_out = 9503 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 9504 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, type = size, size_out = 596341 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, size = 1048560, size_out = 596341 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btc@fros.cc].btc, size = 596352 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, type = size, size_out = 6421 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, size = 1048560, size_out = 6421 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btc@fros.cc].btc, size = 6432 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btc@fros.cc].btc, size = 238 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 20577 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 20577 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, size = 20592 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, type = size, size_out = 15067 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, size = 1048560, size_out = 15067 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btc@fros.cc].btc, size = 15072 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btc@fros.cc].btc, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, type = size, size_out = 791686 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, type = size, size_out = 31744 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml, type = size, size_out = 384 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml, type = size, size_out = 815680 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, size = 1048560, size_out = 819 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btc@fros.cc].btc, size = 832 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btc@fros.cc].btc, size = 244 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, type = size, size_out = 2624 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, size = 1048560, size_out = 2624 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 2640 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, size = 1048560, size_out = 1452 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 1456 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, type = size, size_out = 5557 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, size = 1048560, size_out = 5557 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 5568 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, type = size, size_out = 27195 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, size = 1048560, size_out = 27195 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btc@fros.cc].btc, size = 27200 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btc@fros.cc].btc, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, type = size, size_out = 9352 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, size = 1048560, size_out = 9352 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 9360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, size = 1048560, size_out = 4274 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btc@fros.cc].btc, size = 4288 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btc@fros.cc].btc, size = 240 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, type = size, size_out = 3186 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, size = 1048560 |
|
1 |
Thread 0xaac
220
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, type = size, size_out = 1800 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, size = 1048560, size_out = 1800 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1808 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 234 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, size = 1048560, size_out = 1452 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1456 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, type = size, size_out = 913 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, size = 1048560, size_out = 913 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 928 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 238 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, type = size, size_out = 27195 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, size = 1048560, size_out = 27195 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btc@fros.cc].btc, size = 27200 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btc@fros.cc].btc, size = 232 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 31094 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 31094 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 31104 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 16683 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 16683 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 16688 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, type = size, size_out = 8723 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, size = 1048560, size_out = 8723 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btc@fros.cc].btc, size = 8736 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, type = size, size_out = 1061 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, size = 1048560, size_out = 1061 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btc@fros.cc].btc, size = 1072 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btc@fros.cc].btc, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, type = size, size_out = 89600 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, type = size, size_out = 222208 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, type = size, size_out = 194048 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, type = size, size_out = 1600388 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml, type = size, size_out = 1434 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml, type = size, size_out = 727 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml, type = size, size_out = 3150 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, size = 1048560, size_out = 1349 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 1360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, type = size, size_out = 1565 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, size = 1048560, size_out = 1565 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, size = 1568 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, type = size, size_out = 913 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, size = 1048560, size_out = 913 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 928 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, type = size, size_out = 1231 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, size = 1048560, size_out = 1231 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 1232 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 242 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, type = size, size_out = 1852 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, size = 1048560, size_out = 1852 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 1856 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, size = 1048560, size_out = 819 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btc@fros.cc].btc, size = 832 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btc@fros.cc].btc, size = 244 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, type = size, size_out = 1383 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, size = 1048560, size_out = 1383 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 1392 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btc@fros.cc].btc, size = 242 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, type = size, size_out = 1988 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, size = 1048560 |
|
1 |
Thread 0xab0
278
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, type = size, size_out = 1347 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, size = 1048560, size_out = 1347 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btc@fros.cc].btc, size = 1360 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, type = size, size_out = 1457 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, size = 1048560, size_out = 1457 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btc@fros.cc].btc, size = 1472 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, type = size, size_out = 1458 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, size = 1048560, size_out = 1458 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btc@fros.cc].btc, size = 1472 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, type = size, size_out = 811 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, size = 1048560, size_out = 811 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btc@fros.cc].btc, size = 816 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 5884 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 5884 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 5888 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1988 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1988 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 2000 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, type = size, size_out = 5557 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, size = 1048560, size_out = 5557 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 5568 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 238 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, type = size, size_out = 67190 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, size = 1048560, size_out = 67190 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btc@fros.cc].btc, size = 67200 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 9352 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 9352 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 9360 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, type = size, size_out = 1349 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, size = 1048560, size_out = 1349 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 1360 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btc@fros.cc].btc, size = 238 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, type = size, size_out = 596341 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, size = 1048560, size_out = 596341 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btc@fros.cc].btc, size = 596352 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 4274 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, size = 4288 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btc@fros.cc].btc, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, type = size, size_out = 1069 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, size = 1048560, size_out = 1069 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[btc@fros.cc].btc, size = 1072 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[btc@fros.cc].btc, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, type = size, size_out = 27045 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btc@fros.cc].btc, type = size, size_out = 33280 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, type = size, size_out = 62976 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, type = size, size_out = 197120 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml, type = size, size_out = 224256 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, type = size, size_out = 1118 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat, type = size, size_out = 1100368 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat, type = size, size_out = 2227968 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat, type = size, size_out = 3195696 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat, type = size, size_out = 4120784 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml, type = size, size_out = 2592 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml, type = size, size_out = 2462 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml, type = size, size_out = 2436 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btc@fros.cc].btc, size = 786688 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, type = size, size_out = 71236 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, size = 1048560, size_out = 71236 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btc@fros.cc].btc, size = 71248 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btc@fros.cc].btc, size = 226 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, type = size, size_out = 26929 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, size = 1048560, size_out = 26929 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[btc@fros.cc].btc, size = 26944 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[btc@fros.cc].btc, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, type = size, size_out = 67190 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, size = 1048560, size_out = 67190 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btc@fros.cc].btc, size = 67200 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, type = size, size_out = 4207 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, size = 1048560 |
|
1 |
Thread 0xac4
116
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\BCD, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG1, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\BCD.LOG1, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG2, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\BCD.LOG2, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, type = size, size_out = 89168 |
|
1 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui, type = size, size_out = 91712 |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 94800 |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\chs_boot.ttf, destination_filename = C:\Boot\Fonts\chs_boot.ttf.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\cht_boot.ttf, destination_filename = C:\Boot\Fonts\cht_boot.ttf.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 2503680 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 786702 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, type = size, size_out = 9958388 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, type = size, size_out = 875520 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, size = 1048560, size_out = 875520 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, size = 875536 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, type = size, size_out = 881152 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, size = 1048560, size_out = 881152 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btc@fros.cc].btc, size = 881168 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, type = size, size_out = 868864 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, size = 1048560, size_out = 868864 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[btc@fros.cc].btc, size = 868880 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btc@fros.cc].btc, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, type = size, size_out = 2928955 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btc@fros.cc].btc, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, type = size, size_out = 2503680 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
2 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
1 |
Thread 0xac8
109
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\jpn_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\jpn_boot.ttf, type = size, size_out = 1984228 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\jpn_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\jpn_boot.ttf.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\jpn_boot.ttf, destination_filename = C:\Boot\Fonts\jpn_boot.ttf.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, type = size, size_out = 70361744 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, type = size, size_out = 14819276 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, type = size, size_out = 11482605 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, destination_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, type = size, size_out = 885760 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, size = 1048560, size_out = 885760 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btc@fros.cc].btc, size = 885776 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btc@fros.cc].btc, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, type = size, size_out = 873984 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, size = 1048560, size_out = 873984 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, size = 874000 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, size = 242 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, type = size, size_out = 18874884 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, type = size, size_out = 2797568 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 786692 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, type = size, size_out = 8265165 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
1 |
Thread 0xacc
116
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\kor_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf, type = size, size_out = 2371360 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\kor_boot.ttf, destination_filename = C:\Boot\Fonts\kor_boot.ttf.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui, type = size, size_out = 93248 |
|
1 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui, type = size, size_out = 90688 |
|
1 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui, type = size, size_out = 76352 |
|
1 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = size, size_out = 75344 |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\memtest.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\memtest.exe, type = size, size_out = 485760 |
|
1 | |
| File | Get Info | filename = C:\Boot\memtest.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\memtest.exe.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\memtest.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\memtest.exe, type = size, size_out = 16972987 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, type = size, size_out = 2865664 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 786696 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, type = size, size_out = 2522624 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, type = size, size_out = 13642474 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, destination_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, type = size, size_out = 3124224 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 786698 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, type = size, size_out = 17456632 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
2 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
1 |
Thread 0xad0
85
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x757c0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x757ed650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf, type = size, size_out = 47452 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, type = size, size_out = 2506240 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, type = size, size_out = 2513920 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 786700 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, type = size, size_out = 43806141 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 786688 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, type = size, size_out = 21064532 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, destination_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, type = size, size_out = 50823389 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, type = size, size_out = 2511872 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[btc@fros.cc].btc, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[btc@fros.cc].btc |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[btc@fros.cc].btc, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[btc@fros.cc].btc, size = 262144 |
|
1 |
Process #3: cmd.exe
245
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:54, Reason: Child Process |
| Unmonitor | End Time: 00:05:22, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:28 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa78 |
| Parent PID | 0xa6c (c:\users\5p5nrgjn0js halpmcxz\desktop\wscparent.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A7C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x00100000 | 0x00110fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0022ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x003effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x004effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005b0000 | 0x005b0000 | 0x005bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000005c0000 | 0x005c0000 | 0x00747fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000750000 | 0x00750000 | 0x008d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000008e0000 | 0x008e0000 | 0x01cdffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001ce0000 | 0x01ce0000 | 0x02022fff | Pagefile Backed Memory | r |
|
|
|
- |
| basebrd.dll | 0x02030000 | 0x020f7fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000002100000 | 0x02100000 | 0x024f2fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x02500000 | 0x027cefff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x4a800000 | 0x4a858fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x776b0000 | 0x777a9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x777b0000 | 0x778cefff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff4000 | 0x7fff4000 | 0x7fff4fff | Private Memory | rw |
|
|
|
- |
| winbrand.dll | 0x7fef59f0000 | 0x7fef59f7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd8d0000 | 0x7fefd93afff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefdec0000 | 0x7fefdecdfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefdfb0000 | 0x7fefdfddfff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefe100000 | 0x7fefe166fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefe170000 | 0x7fefe20efff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe210000 | 0x7fefe318fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefe320000 | 0x7fefe3e8fff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feffbf0000 | 0x7feffbf0fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffddfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Threads
Thread 0xa7c
245
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2018-10-03 03:11:52 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 144472 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a800000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x777b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x777c6d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 63 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x777b0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x777c23d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x777b8290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x777c17e0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 38 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\mode.com, os_pid = 0xab8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x778d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x779214a0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\mode.com, address = 0x7fffffdf000, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 38 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\vssadmin.exe, os_pid = 0xae0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\vssadmin.exe, address = 0x7fffffdc000, size = 896 |
|
1 |
Process #4: mode.com
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\mode.com |
| Command Line | mode con cp select=1251 |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:06, Reason: Self Terminated |
| Monitor Duration | 00:00:07 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xab8 |
| Parent PID | 0xa78 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
ABC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x000d0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e6fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x0016ffff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x00170000 | 0x00180fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00191fff | Pagefile Backed Memory | rw |
|
|
|
- |
| ulib.dll.mui | 0x001a0000 | 0x001d7fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0042ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x0052ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000530000 | 0x00530000 | 0x006b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x00840fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000850000 | 0x00850000 | 0x01c4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| user32.dll | 0x776b0000 | 0x777a9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x777b0000 | 0x778cefff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| mode.com | 0xff0d0000 | 0xff0dbfff | Memory Mapped File | rwx |
|
|
|
- |
| ulib.dll | 0x7fef42f0000 | 0x7fef4317fff | Memory Mapped File | rwx |
|
|
|
- |
| ureg.dll | 0x7fef8200000 | 0x7fef820bfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7fefc140000 | 0x7fefc195fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd8d0000 | 0x7fefd93afff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefdec0000 | 0x7fefdecdfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefdfb0000 | 0x7fefdfddfff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefe100000 | 0x7fefe166fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefe170000 | 0x7fefe20efff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe210000 | 0x7fefe318fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefe320000 | 0x7fefe3e8fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7fefe3f0000 | 0x7fefe4cafff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7fefe4d0000 | 0x7fefe5fcfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7fefea30000 | 0x7fefea4efff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feffbf0000 | 0x7feffbf0fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #5: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:02:10, Reason: Child Process |
| Unmonitor | End Time: 00:05:22, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:12 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xae0 |
| Parent PID | 0xa78 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AE4
0x
AEC
0x
AF0
0x
AF4
0x
AF8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x000affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b3fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x000d0000 | 0x00136fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000140000 | 0x00140000 | 0x00146fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00151fff | Pagefile Backed Memory | rw |
|
|
|
- |
| vssadmin.exe.mui | 0x00160000 | 0x0016cfff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x00190000 | 0x001a0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x002fffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003d0000 | 0x003d0000 | 0x003dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x004dffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000004e0000 | 0x004e0000 | 0x00667fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000670000 | 0x00670000 | 0x007f0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000800000 | 0x00800000 | 0x01bfffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001c80000 | 0x01c80000 | 0x01cfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e70000 | 0x01e70000 | 0x01eeffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x01ef0000 | 0x021befff | Memory Mapped File | r |
|
|
|
- |
| user32.dll | 0x776b0000 | 0x777a9fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x777b0000 | 0x778cefff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x778d0000 | 0x77a78fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| vssadmin.exe | 0xff4d0000 | 0xff4fcfff | Memory Mapped File | rwx |
|
|
|
- |
| vsstrace.dll | 0x7fefa8d0000 | 0x7fefa8e6fff | Memory Mapped File | rwx |
|
|
|
- |
| vssapi.dll | 0x7fefa8f0000 | 0x7fefaa9ffff | Memory Mapped File | rwx |
|
|
|
- |
| atl.dll | 0x7fefb2d0000 | 0x7fefb2e8fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7fefce10000 | 0x7fefce56fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7fefd110000 | 0x7fefd126fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7fefd710000 | 0x7fefd71efff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrtremote.dll | 0x7fefd800000 | 0x7fefd813fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd8d0000 | 0x7fefd93afff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefdec0000 | 0x7fefdecdfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7fefded0000 | 0x7fefdfa6fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7fefdfb0000 | 0x7fefdfddfff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefe100000 | 0x7fefe166fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefe170000 | 0x7fefe20efff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe210000 | 0x7fefe318fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefe320000 | 0x7fefe3e8fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7fefe3f0000 | 0x7fefe4cafff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7fefe4d0000 | 0x7fefe5fcfff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7fefe600000 | 0x7fefe698fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7fefea30000 | 0x7fefea4efff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7feff9d0000 | 0x7feffbd2fff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feffbf0000 | 0x7feffbf0fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffdcfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
