8c2d2276dd1b98ad4c3958d466f8cf650d499f06c7ed2ef8ef9e026b457d3402 (SHA256)
w2rujjry.exe
Windows Exe (x86-32)
Created at 2018-11-06 23:59:00
Notifications (2/4)
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The overall sleep time of all monitored processes was truncated from "27 seconds" to "10 seconds" to reveal dormant functionality.
The operating system was rebooted during the analysis.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: w2rujjry.exe
624
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:25, Reason: Analysis Target |
| Unmonitor | End Time: 00:02:05, Reason: Self Terminated |
| Monitor Duration | 00:01:40 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4f0 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
504
0x
7CC
0x
7EC
0x
234
0x
478
0x
0
0x
540
0x
24C
0x
274
0x
520
0x
7A8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000110000 | 0x00110000 | 0x0014ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0016ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x0017ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x0018ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001bffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001cffff | Private Memory | - |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x001dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001e0000 | 0x001e0000 | 0x0027ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x0028ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x0029ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002a0000 | 0x002a0000 | 0x002a1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | rw |
|
|
|
- |
| gdipfontcachev1.dat | 0x003b0000 | 0x003cafff | Memory Mapped File | rw |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003b0fff | Private Memory | rw |
|
|
|
- |
| windowsshell.manifest | 0x003c0000 | 0x003c0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000003c0000 | 0x003c0000 | 0x003c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x003d1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000003e0000 | 0x003e0000 | 0x0041ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000420000 | 0x00420000 | 0x00421fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x0043ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0047ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000480000 | 0x00480000 | 0x0048ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000490000 | 0x00490000 | 0x0049ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004a0000 | 0x004a0000 | 0x0051ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000520000 | 0x00520000 | 0x0052ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000530000 | 0x00530000 | 0x0056ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x0057ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000580000 | 0x00580000 | 0x0058ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005a0000 | 0x005a0000 | 0x005dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000610000 | 0x00610000 | 0x0070ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000720000 | 0x00720000 | 0x0075ffff | Private Memory | rw |
|
|
|
- |
| segoeui.ttf | 0x00760000 | 0x007defff | Memory Mapped File | r |
|
|
|
- |
| mscorrc.dll | 0x00760000 | 0x007c1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000007e0000 | 0x007e0000 | 0x0081ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000820000 | 0x00820000 | 0x0085ffff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000000860000 | 0x00860000 | 0x009e7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000009f0000 | 0x009f0000 | 0x00b70fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000b80000 | 0x00b80000 | 0x00c7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000d00000 | 0x00d00000 | 0x00dfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000e50000 | 0x00e50000 | 0x00e8ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000eb0000 | 0x00eb0000 | 0x00faffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000fb0000 | 0x00fb0000 | 0x0115ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000fb0000 | 0x00fb0000 | 0x0108efff | Pagefile Backed Memory | r |
|
|
|
- |
| comctl32.dll | 0x01090000 | 0x01111fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000001090000 | 0x01090000 | 0x010cffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001120000 | 0x01120000 | 0x0115ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001170000 | 0x01170000 | 0x0126ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001270000 | 0x01270000 | 0x0138ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001270000 | 0x01270000 | 0x0136ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001380000 | 0x01380000 | 0x0138ffff | Private Memory | rw |
|
|
|
- |
| w2rujjry.exe | 0x013b0000 | 0x014c1fff | Memory Mapped File | rwx |
|
|
|
|
| pagefile_0x00000000014d0000 | 0x014d0000 | 0x028cffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000028d0000 | 0x028d0000 | 0x048cffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x048d0000 | 0x04b9efff | Memory Mapped File | r |
|
|
|
- |
| sortdefault.nlp | 0x04ba0000 | 0x04e71fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004e80000 | 0x04e80000 | 0x0503ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004ec0000 | 0x04ec0000 | 0x04fbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005030000 | 0x05030000 | 0x0503ffff | Private Memory | rw |
|
|
|
- |
| tahoma.ttf | 0x05040000 | 0x050eafff | Memory Mapped File | r |
|
|
|
- |
| msjh.ttf | 0x05040000 | 0x064e8fff | Memory Mapped File | r |
|
|
|
- |
| msyh.ttf | 0x05040000 | 0x06502fff | Memory Mapped File | r |
|
|
|
- |
| malgun.ttf | 0x05040000 | 0x05462fff | Memory Mapped File | r |
|
|
|
- |
| micross.ttf | 0x05040000 | 0x050dffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005040000 | 0x05040000 | 0x0523ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000005240000 | 0x05240000 | 0x0543ffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x05240000 | 0x053dafff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005400000 | 0x05400000 | 0x0543ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x05440000 | 0x05d6ffff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000005d70000 | 0x05d70000 | 0x05faafff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000005fb0000 | 0x05fb0000 | 0x063a2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000063b0000 | 0x063b0000 | 0x06584fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006590000 | 0x06590000 | 0x06764fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006770000 | 0x06770000 | 0x06944fff | Private Memory | rw |
|
|
|
- |
| system.windows.forms.ni.dll | 0x707d0000 | 0x71427fff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x71430000 | 0x71b45fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x71b50000 | 0x724fcfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x72500000 | 0x7372afff | Memory Mapped File | rwx |
|
|
|
- |
| system.windows.forms.dll | 0x73990000 | 0x73e27fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x73c90000 | 0x73e2dfff | Memory Mapped File | rwx |
|
|
|
- |
| gdiplus.dll | 0x74150000 | 0x742dffff | Memory Mapped File | rwx |
|
|
|
- |
| system.runtime.remoting.ni.dll | 0x742e0000 | 0x743a4fff | Memory Mapped File | rwx |
|
|
|
- |
| nlssorting.dll | 0x743b0000 | 0x743c2fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x743d0000 | 0x74453fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x74460000 | 0x7449afff | Memory Mapped File | rwx |
|
|
|
- |
| system.drawing.ni.dll | 0x744a0000 | 0x7462cfff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x74630000 | 0x74cd7fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74ce0000 | 0x74cf2fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x74d00000 | 0x74d7ffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74d90000 | 0x74d97fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x74da0000 | 0x74dfbfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x74e00000 | 0x74e3efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x74e50000 | 0x74e65fff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x74e70000 | 0x74eecfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x74ef0000 | 0x750bafff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x750c0000 | 0x751b4fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x751c0000 | 0x751c8fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x751d0000 | 0x75247fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x75250000 | 0x75299fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x753a0000 | 0x753abfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x753b0000 | 0x7540ffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x75410000 | 0x754acfff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x75540000 | 0x7569bfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x756f0000 | 0x757effff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75a20000 | 0x75b2ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75b30000 | 0x75bcffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75ce0000 | 0x75d36fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75d40000 | 0x75e0bfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75e30000 | 0x75edbfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x75f60000 | 0x75feefff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x762b0000 | 0x762c8fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x762d0000 | 0x762d9fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x76500000 | 0x7655ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x765f0000 | 0x76635fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x772d0000 | 0x773bffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x773c0000 | 0x7744ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077450000 | 0x77450000 | 0x77549fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077550000 | 0x77550000 | 0x7766efff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77850000 | 0x779cffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef40000 | 0x7ef40000 | 0x7ef4ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7ef9ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 52 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\gdipfontcachev1.dat | 106.27 KB |
MD5:
92e128dcb152d05f07faf5da64bd1c91
SHA1: 2174814ca563fc2b9679fffbf1b40bdf3ac9abec SHA256: 11437a99f5f9c0a6df09c64abc8828ad3ecd8cf4fa601340ded86b8945edff43 SSDeep: 768:i8HrbdvVyZHgTl7ho5sZWN/Ys9byFRQ+AwqGuGyZoVyOF7rrlqTIyMnm:/pVyZHgTl7h6tKR7AwqlGyZQVO1Mnm |
|
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe.config | type = file_attributes |
|
1 | |
| Get Info | C:\nx0w11aw.epd | type = file_attributes |
|
1 | |
| Open Mapping | - | desired_access = 12 |
|
1 |
Registry (21)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\SysWOW64\msiexec.exe | os_pid = 0xab8, creation_flags = CREATE_SUSPENDED, show_window = SW_HIDE |
|
1 | |
| Get Info | C:\Windows\SysWOW64\msiexec.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Thread (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Queue APC | c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | os_tid = 0x7a8 |
|
1 |
Memory (6)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Allocate | C:\Windows\SysWOW64\msiexec.exe | address = 0x700d7f8, allocation_type = MEM_COMMIT, MEM_RESERVE, protection = PAGE_EXECUTE_READWRITE, size = 117495792 |
|
2 | |
| Read | C:\Windows\SysWOW64\msiexec.exe | address = 0x7efde008, size = 4 |
|
1 | |
| Write | C:\Windows\SysWOW64\msiexec.exe | address = 0x7efde008, size = 4 |
|
1 | |
| Write | C:\Windows\SysWOW64\msiexec.exe | address = 0x70000, size = 102 |
|
1 | |
| Write | C:\Windows\SysWOW64\msiexec.exe | address = 0x80000, size = 78 |
|
1 |
Module (495)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | comctl32.dll | base_address = 0x743d0000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x73c90000 |
|
1 | |
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0x1160001 |
|
3 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x756f0000 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | base_address = 0x13b0000 |
|
12 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | base_address = 0x743d0000 |
|
20 | |
| Get Handle | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | base_address = 0x73c90000 |
|
6 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75a20000 |
|
1 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
3 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
6 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
6 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
1 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
1 | |
| Get Filename | c:\windows\microsoft.net\assembly\gac_msil\system.windows.forms\v4.0_4.0.0.0__b77a5c561934e089\system.windows.forms.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll, size = 2048 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\shell32.dll, size = 2048 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x778825dd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x75a3195e |
|
1 | |
| Create Mapping | - | protection = PAGE_EXECUTE_READWRITE, maximum_size = 117496512 |
|
1 | |
| Map | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, protection = PAGE_READONLY, address_out = 0x5d80000 |
|
1 | |
| Map | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x4e80000 |
|
1 | |
| Map | - | process_name = C:\Windows\SysWOW64\msiexec.exe, protection = PAGE_EXECUTE_READWRITE, address_out = 0x400000 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (29)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5441582 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5441782 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5441822 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5441862 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 393510 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 393510 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551600, new_long = 47120384 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551596, new_long = 589824 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5441902 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 262442 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2005411293 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5441942 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 327968 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1942665417 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 5442022 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 327970 |
|
1 |
Keyboard (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
1 |
System (11)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Sleep | duration = 44178028 milliseconds (44178.028 seconds) |
|
1 | |
| Sleep | duration = 44663604 milliseconds (44663.604 seconds) |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
3 | |
| Get Info | type = Operating System |
|
2 |
Debug (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | - |
|
1 | |
| Hide | c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | - |
|
1 |
Process #2: msiexec.exe
3405
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\msiexec.exe |
| Command Line | C:\Windows\SysWOW64\msiexec.exe |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:45, Reason: Child Process |
| Unmonitor | End Time: 00:02:14, Reason: Self Terminated |
| Monitor Duration | 00:00:29 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xab8 |
| Parent PID | 0x4f0 (c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B0C
0x
B10
0x
AEC
0x
AF0
0x
B24
0x
B28
0x
B2C
0x
B40
0x
B44
0x
B48
0x
B1C
0x
B20
0x
B54
0x
B58
0x
B34
0x
B38
0x
B6C
0x
B64
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| imm32.dll | 0x00020000 | 0x0003dfff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00061fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000080000 | 0x00080000 | 0x00080fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000090000 | 0x00090000 | 0x0009ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000090000 | 0x00090000 | 0x00096fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a6fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000a0000 | 0x000a0000 | 0x000a1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x000bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b6fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000b0000 | 0x000b0000 | 0x000b7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c7fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000d0000 | 0x000d0000 | 0x0010ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00110000 | 0x00176fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x001effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000200000 | 0x00200000 | 0x0023ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x002effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000290000 | 0x00290000 | 0x002cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x0034ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x003cffff | Private Memory | rw |
|
|
|
- |
| msiexec.exe | 0x003e0000 | 0x003f3fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000400000 | 0x00400000 | 0x0042cfff | Pagefile Backed Memory | rwx |
|
|
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0048ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004a0000 | 0x004a0000 | 0x004dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000500000 | 0x00500000 | 0x0053ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000540000 | 0x00540000 | 0x0063ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000640000 | 0x00640000 | 0x007c7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000007d0000 | 0x007d0000 | 0x00950fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000960000 | 0x00960000 | 0x01d5ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001d60000 | 0x01d60000 | 0x01f2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001d60000 | 0x01d60000 | 0x01e60fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001d60000 | 0x01d60000 | 0x01d9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001d70000 | 0x01d70000 | 0x01daffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001dc0000 | 0x01dc0000 | 0x01dfffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e00000 | 0x01e00000 | 0x01e3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e50000 | 0x01e50000 | 0x01e8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001e90000 | 0x01e90000 | 0x01ecffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01f2ffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x01f30000 | 0x021fefff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002240000 | 0x02240000 | 0x0227ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000022b0000 | 0x022b0000 | 0x022effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002340000 | 0x02340000 | 0x0237ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002380000 | 0x02380000 | 0x02772fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000027d0000 | 0x027d0000 | 0x0280ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002820000 | 0x02820000 | 0x0285ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002890000 | 0x02890000 | 0x028cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000028d0000 | 0x028d0000 | 0x0290ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002940000 | 0x02940000 | 0x0297ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002990000 | 0x02990000 | 0x029cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000029f0000 | 0x029f0000 | 0x02a2ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002a50000 | 0x02a50000 | 0x02a8ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002aa0000 | 0x02aa0000 | 0x02adffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b20000 | 0x02b20000 | 0x02b5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002b80000 | 0x02b80000 | 0x02bbffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002bd0000 | 0x02bd0000 | 0x02c0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c30000 | 0x02c30000 | 0x02c6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ce0000 | 0x02ce0000 | 0x02d1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d30000 | 0x02d30000 | 0x02d6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d70000 | 0x02d70000 | 0x02daffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002db0000 | 0x02db0000 | 0x02eb0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ec0000 | 0x02ec0000 | 0x02fc0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002fd0000 | 0x02fd0000 | 0x030d0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000030e0000 | 0x030e0000 | 0x031dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000031e0000 | 0x031e0000 | 0x032e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000032f0000 | 0x032f0000 | 0x033f0fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003400000 | 0x03400000 | 0x03500fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003510000 | 0x03510000 | 0x03610fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003620000 | 0x03620000 | 0x03720fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003730000 | 0x03730000 | 0x0392ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000039b0000 | 0x039b0000 | 0x039effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000039f0000 | 0x039f0000 | 0x03a70fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003a80000 | 0x03a80000 | 0x03b80fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003bb0000 | 0x03bb0000 | 0x03caffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003cb0000 | 0x03cb0000 | 0x040affff | Private Memory | rw |
|
|
|
- |
| browcli.dll | 0x73b00000 | 0x73b0cfff | Memory Mapped File | rwx |
|
|
|
- |
| netutils.dll | 0x73b10000 | 0x73b18fff | Memory Mapped File | rwx |
|
|
|
- |
| cscapi.dll | 0x73b20000 | 0x73b2afff | Memory Mapped File | rwx |
|
|
|
- |
| wkscli.dll | 0x73b30000 | 0x73b3efff | Memory Mapped File | rwx |
|
|
|
- |
| davclnt.dll | 0x73b40000 | 0x73b56fff | Memory Mapped File | rwx |
|
|
|
- |
| ntlanman.dll | 0x73b60000 | 0x73b73fff | Memory Mapped File | rwx |
|
|
|
- |
| winsta.dll | 0x73b80000 | 0x73ba8fff | Memory Mapped File | rwx |
|
|
|
- |
| davhlpr.dll | 0x73e40000 | 0x73e47fff | Memory Mapped File | rwx |
|
|
|
- |
| drprov.dll | 0x73e60000 | 0x73e67fff | Memory Mapped File | rwx |
|
|
|
- |
| mpr.dll | 0x74030000 | 0x74041fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x74d90000 | 0x74d97fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x74da0000 | 0x74dfbfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x74e00000 | 0x74e3efff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x753a0000 | 0x753abfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x753b0000 | 0x7540ffff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x75410000 | 0x754acfff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x756f0000 | 0x757effff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x75a20000 | 0x75b2ffff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x75b30000 | 0x75bcffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75ce0000 | 0x75d36fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75d40000 | 0x75e0bfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75e30000 | 0x75edbfff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x762b0000 | 0x762c8fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x762d0000 | 0x762d9fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x764c0000 | 0x764f4fff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x76500000 | 0x7655ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x765f0000 | 0x76635fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x76670000 | 0x772b9fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x772d0000 | 0x773bffff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x773c0000 | 0x7744ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000077450000 | 0x77450000 | 0x77549fff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000077550000 | 0x77550000 | 0x7766efff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x77820000 | 0x77825fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77850000 | 0x779cffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef86000 | 0x7ef86000 | 0x7ef88fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef89000 | 0x7ef89000 | 0x7ef8bfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef8c000 | 0x7ef8c000 | 0x7ef8efff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef8f000 | 0x7ef8f000 | 0x7ef91fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef92000 | 0x7ef92000 | 0x7ef94fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef95000 | 0x7ef95000 | 0x7ef97fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef98000 | 0x7ef98000 | 0x7ef9afff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Injection Information
| Injection Type | Source Process | Source Os Thread ID | Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | 0x7a8 | address = 0x400000, size = 184320 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | 0x7a8 | address = 0x7efde008, size = 4 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | 0x7a8 | address = 0x70000, size = 102 |
|
1 | |
| Modify Memory | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | 0x7a8 | address = 0x80000, size = 78 |
|
1 | |
| Modify Control Flow | #1: c:\users\5p5nrgjn0js halpmcxz\desktop\w2rujjry.exe | 0x7a8 | os_tid = 0xb0c, address = 0x80000 |
|
1 |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[xtron@cock.li].tron | 3.54 MB |
MD5:
c4d0ddfe5e084b891fc062d17880a9ad
SHA1: 579025fdc3e236da38f5708b28b23a2b55c67a70 SHA256: 917afebac0f9c55051e7d888f6dac771ca4e836f375f58a08d65b33c512386f2 SSDeep: 98304:zDMUwxyODPFhbY12HLodiF4+5riQTagVMcEl2pSj:z4UwVthio4wTRVMx+w |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[xtron@cock.li].tron | 3.14 MB |
MD5:
bd5651cfafb513824d5da0e86a7d263f
SHA1: 93fd2777c10dbe53ffbec8d96997af4e0b1c16e5 SHA256: 2e3d4ce229c93cfd82292e96237e180ef26b62687bf1bb0c8e5361c30774145a SSDeep: 49152:zDxL8QBo6Tex4S120ytJyWpNl/DxSVqStEOcNQrll:zR89j1ufyVvOIll |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.14 KB |
MD5:
c809d3c1a90e0e05f5cfe9e1c002babe
SHA1: 7545e8b6ba572c53fb222031f359dd893d1ee665 SHA256: ed887d976ef49969dc498bf210d358562d33857b29167c1e83b9532df5f51b95 SSDeep: 24:rJSRY39Nk9ovudBMA4i95uIuBlspkkth5auJZeJ3MDSqi:r8I9S9okBM3Ytwl+kkth8cZeJSi |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[xtron@cock.li].tron | 16.70 KB |
MD5:
d70b676d592a5acac40a0ce17f5c9862
SHA1: 8d3aa6982a1f8eec51f5761b07dba0807a990844 SHA256: 5748d6214bd19976e6bb70a127a3f2209b8a3b084a90248cdaff92bf37c1e680 SSDeep: 384:a/lrDgjHoRpuJ9YCURIgRkLZPrH8uj8TGsc9ZyZZr6a:SZD8HvqRIgR8Prcuj8y/ZyZZWa |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[xtron@cock.li].tron | 860.74 KB |
MD5:
0d72ac90ba7e617dc4a502a7625ae299
SHA1: 063bd81d98e091785aecd9a48260e62b682bd840 SHA256: 6862193f98be32cbf68cca57e1167101ef8cac091ba4e18c480230d23f3eb01e SSDeep: 24576:kFFsehuYh1KNt61RgLtUJ2UIs0Rj6mBl1nr26F1LNsjou1Ia2:sFEvGK/nVJHlAWNCn2 |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 9.37 KB |
MD5:
37fd76397d6142ebd445316dbc0e91be
SHA1: 5686849909e288553f763b3d8f71b230ec9d20f6 SHA256: 20d8ef8399f4b005292db6d26a50f15a47e8128d676b82143135772cbd6e8a06 SSDeep: 192:P/xryk5qz7qPWBDh1EfYYrHdhTUbzpJjBD+eckcZ4SG0yOmYh3diHJ:P/xryqq3qP8DnEAk9pU5J9D+ecSYlgHJ |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 2.07 KB |
MD5:
3f0ace8deb651b65a5efe8a51d1ac5db
SHA1: e02e7e7621854484a5a45920351d7dfae0d62759 SHA256: dea60cf1957cb7ec84ea1134bc56c6fa68db02f4e26c31f24cf4b2e80d78b001 SSDeep: 48:iXbrDHJdJVO+xQHt9P7SwX9MWrMhGg6U546fB34I2VpurwIq6:ClnhKP7SE9MWwHK6x4FU9 |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[xtron@cock.li].tron | 3.15 MB |
MD5:
4fa0d50a715edb463f3d8c296a8fa651
SHA1: 571314b11cc8e900ca36bc10f27605dfd932348e SHA256: 96283570d62c7a80f86478505c9ebe2200f7aa0697c92879a6500067c9b1e39f SSDeep: 49152:zDxL8QBonTex4S120ytJyNJYV7O/RBVKtBPLgNC3Fv:zR89K1VSZOZBYtBjgNSv |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
4fb6c079967f604d4b8cdf477caf6de0
SHA1: a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63 SHA256: 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f SSDeep: 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[xtron@cock.li].tron | 3.14 MB |
MD5:
31823168537ccd56a69ca3309805733b
SHA1: c50c7193f0258ed514bf4949ebdf2dd1856beaf3 SHA256: 5c567870f55680878bc3cdcc80028b638f97571eac54b20abc091acb45750b19 SSDeep: 49152:zDxL8QBo0Tex4S120ytJya0u8GMRuGWFA31R7y8C7C:zR89t1794ZST7R |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe | 1.04 MB |
MD5:
9f3ea1850f9d879de8a36dc778dfffba
SHA1: de68f0598656203d2ffb64a0d4b34294914272db SHA256: 8c2d2276dd1b98ad4c3958d466f8cf650d499f06c7ed2ef8ef9e026b457d3402 SSDeep: 24576:OBrJ14aCMMv3a38+oNit9cIb8TCZgsIbpc4XOwdjK+zZ:OBrIMMiM+oNzIDjcXOwdj |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 2.04 KB |
MD5:
f2d500b5fa213718b2411987b40abf33
SHA1: 208988d34bc39ab8b5d7ccef851264dcd89c6d04 SHA256: d8efecd6bb224db92566880509be54e2011c031022a4a02fb23641c07f4042e5 SSDeep: 48:YiTBbVBrqMdK/b+dsP5Vn0vGwf5n1DXsEffQY7Dqrv2mzGMUbP2Buri6:YiNa7/b+u5Vni1bs4fQY7DsXFu9 |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 5.97 KB |
MD5:
a1880098ac82266d68cc0d202c58e2d8
SHA1: d4fae38e2a56c0d8c3f2c71db875ddf74ab113af SHA256: bd9933b237853354c51a80158848cb5ddf8d938e5fca7ea7f9d7f913dfc6ff07 SSDeep: 96:2z6jI/SgY32fHPyzBRq+xBUphgbuj76F6mYcrl5vct/HbpGIo+:8Y32f2BRq+BU/k6iQcr80+ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
42ac6eff5aa1dad153cb32ec3d616e43
SHA1: 8d8693b1d4aa27f2f48345e6f2e760c5f205d163 SHA256: b8984acb419b90aab0f7fd9addaa90b10847e75aeaabfde74fc133085adf3455 SSDeep: 196608:Yu6eDsIwHBL4B9lCzT2bOgcDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:WqsIwHNB26gVE7e/7JNMM5RTU+ |
|
|
| C:\BOOTSECT.BAK.id-9C354B42.[xtron@cock.li].tron | 8.25 KB |
MD5:
2f5b9907759bd5a84933462a4de90ff3
SHA1: 658b2aaf026ccbb85ad852987bc8a7bdf328e560 SHA256: 9d096bbab81fbdc88153b36ae2d71c4f758fdca0cd381ad5a36af255f4b484f8 SSDeep: 192:YjGWV7OILujtVLiGeGg0Xpoc7vmcrQZDC+H5d0r2c:YjGWV7Omu7+Ge30Xpl7OBZ+b |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 20.33 KB |
MD5:
f2a0aeee70b6006d13180c4c4a70c69e
SHA1: b48c61c5bee2656bddb593030b721d203e03c195 SHA256: 7bd1475bcd910ea9ebfaafa962a21b239f035d1a046cb605be586fe6310b8f58 SSDeep: 384:NQwaZIaGblA/qSox0f23glUOPEy9z0cFKxP3+H0VumwXJzJ/tuNs:+waHGBSqMaZuE2z0mKxULzXlJ/EG |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[xtron@cock.li].tron | 1.27 KB |
MD5:
46a807524fde57c154aee4ce9dd59f5e
SHA1: 2d76fe5597ba3a7ed5d2499e0a9e3c821398769e SHA256: 913a108bdc642a736a4b5e764391996c76c002e64560eda4f25ed4ff88d0e513 SSDeep: 24:Jt9p1QPd1J/vMWm0XYPCBGU+iuKMtMJFSrn+XXoBLhhTV5Y8DgSq8:pAJ/PQPPUhuKMQSz+XXU/Tj/DO8 |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
0132354deb06c352353675fce278a129
SHA1: 82f447263c0d4d83d398af15034413083edcbc35 SHA256: 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[xtron@cock.li].tron | 3.48 MB |
MD5:
b88663c2364b01cbf6d74af8a60e8e25
SHA1: 5ee6e4a50c306bbdc3b5f39a252aab964f28d526 SHA256: 84aac7b0599926eadd0fc57b6f16e1641e85623db1fc9e063d4a5c51fe4cfbfb SSDeep: 49152:fHYLL/WoWLljb1R6rOSN20yRJ6PfMCqQJzHkD:fqLVW6vTUnBD |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[xtron@cock.li].tron | 853.75 KB |
MD5:
c123d6e96819e0c406cf02fc0abac8e1
SHA1: caaa42cb567a47ac7ddd37f372b154023126444c SHA256: bceda3035a5499d4416545e0cbbccf476f3966d598055648f4ef387a8344d411 SSDeep: 12288:wrsF8YDzrDAYfJHrZNDQJfiRXmCRCaYtxZR4w/iwsi5y/hFJ+AvfocmcufsiXL:dFTDAYfLNkFG1CDHZR4w6p/R+Eo4pi7 |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[xtron@cock.li].tron | 855.24 KB |
MD5:
4c9e9280161572a2be3d5016d07a7725
SHA1: a84564e406b35343395e783bcef5198208b66034 SHA256: d0d0e32ff9a160ff61269aabdc47dc29d132b4ef7d2b093fad6e03849a33e69b SSDeep: 12288:aOFKYJMo6DQIo6taaIGwRhHEv9P4EgWX6P1jsUqPFkQX/4KbdpDHCeE64OUY355H:3IYSQfFRh2A5P1PqtQgj3t7JNVx |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.66 KB |
MD5:
0ebe9a6a0d9a8056e36857859a57b333
SHA1: 61f69838b562cb35c00d712ebcf83c4a25f91c6a SHA256: 543fe9d01ba0ebd61b49659ccc5e909bad5c83c51e16b0a7cb663e118f96f5b0 SSDeep: 48:q21lyiSuLKSbhnhr6acvdpUCQF3CeJ/8M:D1lLSuNbDr+1p2 |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.81 KB |
MD5:
40be3355d6c3f281dcc41c7f60d96b00
SHA1: 074f3828288f03ead4fcb497f66ee1fa4ebcfe44 SHA256: 846a5a81f521a4148a797d1b055eb5d309a696796e8bce809bdb966e37ba5ed5 SSDeep: 48:KKBK6ywRYuVyodQz1/1f/9MnVJYp6eJ0M:vK6yw9yoqhFQVo |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 1.80 KB |
MD5:
224d31bf77020988b578fdfb1d81f239
SHA1: a92d3b7744c6566da0858ec7582abbf88bee8bd7 SHA256: 03cfcae90f94c429ed5512457e3015dbc1470ed64c7db1c04c73ed5844d52721 SSDeep: 48:4rVMVHmXlEeHQ+dsZ862RynVCnb6z/+56lOJarn6:4rVMVHmyZ+dsZyyF+5roW |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[xtron@cock.li].tron | 2.13 KB |
MD5:
052a6e52965a2e0eafbfd7efd3714e5c
SHA1: 93b9f911eebb463e2e018be8ad07e65570344ea7 SHA256: 454e1b3df8898826f01db7e7fdd7e4731d6d39c65d21a862e69a28005338ddf2 SSDeep: 48:scUCX3PqC+/tkagj+CMJRe++lueG+zmkj4G+xt0Lr00jIDibnI7/UXWSvXIlJk:hUCCOOwme4G+bc00jBLRx3 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[xtron@cock.li].tron | 1.76 KB |
MD5:
da956c70ea0c55de2f39ed0b670c7830
SHA1: 2270c69375ec45a858aa3bf3fb4738823de0137b SHA256: e58f48a6f08129210b509401f6e651e522599e2dbd04135b30ede26b2a7d0fde SSDeep: 48:mgoN73Eg8Mhe9UbSYmdtraa14uTQL5X7JKcg:mZN7v8Mx/mrvFTQLdm |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[xtron@cock.li].tron | 865.24 KB |
MD5:
bda22ed786c1767be46718f1204f8e48
SHA1: 03c2ae0cb0f4bb655e776d625b12c50a04220354 SHA256: f74409404879cf6fb0a5f537213f319ea6be03080e6bbbffb1fa96165cc79c64 SSDeep: 24576:SbLEcSIDQfKdgU7k6+5TFdAy8SDXjn8VDotCqHUT:ASoQSgUYL3rzjkDotFUT |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[xtron@cock.li].tron | 14.94 KB |
MD5:
6c489b97582528cb6be2d3998b7c3c29
SHA1: 87167743763b84facf91e7c1f44f0a0d0db99724 SHA256: 98b344d0d3a9921f0a1e5369a373229bb3a33ebafd095c38a397ca6f3017841a SSDeep: 384:oSGzPwBcf4vPWlzvHqmOBnwc3CgmzwgVBXPJT5Z:o1gDGvHkFGbBn |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 2.60 KB |
MD5:
a0734aa9564cf51a08003c61260fa55d
SHA1: 8351d1fb2c73f7f6a82079b34fd26c55550f0444 SHA256: 90d5350ee9e5654713f5b42d27b648d5ee4ad241c9d1ca72471ffd28e2727681 SSDeep: 48:fQJwku93O3EcEjas2gyBgIE/bG0gSU/DN2sCaifH99dQtgUDWowwr36:ofUNasbr/bj8jCXfHXcgUb+ |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.56 KB |
MD5:
128e4fc4cde6d488c8eba29ecfb45ffd
SHA1: 6db319939aab67a6440b8f9f36fc34d4f0f74b81 SHA256: 0394a56844a9a05237147d6b0aba806acf0aa34e1f11024c00763381d0021b9d SSDeep: 48:pAsZBpaPOfG8Tzh0vfyq8L8DS0/L/yteJvLi:pAs/tTGvKH30D6J |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1: f50dbea0bf05e4a4f73abb265fef52fa43db4e07 SHA256: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 SSDeep: 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | 4.42 KB |
MD5:
585ecc7d73bef2f32b2324cc3d4aab35
SHA1: 17838af5012524ef56ea87f4c4be01169e258ec8 SHA256: 13db4c3bf3c82b3ce442a866b1a3cb06e8934baeb26e3fd9e231d68385c5b6bd SSDeep: 96:7JNbL0Adk7dan7OmNTbbTat3uMirhctMTMJ/YfA8XBG3stU23:7JOkkRaymlbTo3XuhhMJh8I3sq23 |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 4.33 KB |
MD5:
9389503c59a653c50879e23ed6929462
SHA1: 61cd74637caf58cd28b1d83240022994c99399f6 SHA256: f81656a21faf1c1b04347e9c5dfd1191fdd88508fabbbd55685db23cc27a2929 SSDeep: 96:QpXJhzWbmcswlZ3T2P8cGuDErXYGpeC7hltEddQbK959mDFQ:oEswPT2P8cGuD7G4C18ne5Q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[xtron@cock.li].tron | 1.88 KB |
MD5:
8dee8a9577796142832d6f1a8122f0e7
SHA1: bb1a5bcd8f354ab29797302b961560a0b06589d6 SHA256: cc94748b84fe38a8023a2f02ee073573ed28345242eb89539db2e33168ee99b5 SSDeep: 48:KyDsBsI6jJu3lezhGbtmnc5YwloUA5lYsbukVN88:GBsljJgbgcw5lVV |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[xtron@cock.li].tron | 65.85 KB |
MD5:
a17fe35bdea13b671c4d61e42a1aaeea
SHA1: 9d77ea4a98307ebc4649e21aab85721ce26c516b SHA256: 2825fa6efb525ad77b39fcc39b9426e22990a2e4bf79c75c1137c497aa65775c SSDeep: 1536:UfL8k+ejK8OoIPvCpA4xhcYpqSwTVUdcfRy3dq3VnaXM/BJs:UaUK8OoRpAhDScWc5y3dq3Va8/Ds |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
052b4a3aaf24e1879297e0f1408c7662
SHA1: ccf2d2087988828f8117c27f1ec3ccaf4b5b926d SHA256: 6c23fd16b44e1eefdf52ac7ad99a1fc46a9b4b3e77c6643dd26d1ad79a2d1021 SSDeep: 196608:Vf1gRyjQR9g8YYIcjfXontQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:V1WbR9YY5AJGBZWGRz1kaza0h |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.99 KB |
MD5:
554577f0439659b91e9158bb91c01d30
SHA1: 393c7681b1a3b24a6f1b9e890dbec7278d21f83c SHA256: d78f492d2299c1a5f772e8a4faaf70d9def58c2db727fb432922eee7414a6692 SSDeep: 48:sm66rtLtcGJXLDZX7zwA6LaD4SarayuA1lbioaPIJeJLj2:DVrNt4E81u9rQCK |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[xtron@cock.li].tron | 9.51 KB |
MD5:
3813be7da36fb16d7300b5dfd6466cfd
SHA1: 5a215a9ed2ba1932a81675c394d91cbd9cf41646 SHA256: 347925777c27ec277306aa855e16e5cf7303db2ee75ec8b468453b29b6a5fc2e SSDeep: 192:9G8+ivncgtTO41pT9DbhnKwMfWKonLZCuU8HshZrXs8nk+:c8lrO41R9ZKwM+LZCSOXsD+ |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | 4.42 KB |
MD5:
c0db2d70773c3e98de9722cc71ffb8f9
SHA1: 3992c5e054aa4dc748045dd37f30a935a8072aa1 SHA256: afad73e39e8e7a87e51e6adeb922936680215442dcf51322881856ae0dd2258d SSDeep: 96:EwM/KTRIqSXVvheVR+KLb97y5EIR3S1nxHjIm9HM16G:NM/KwVvYHLbUEqihxHjI/1b |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[xtron@cock.li].tron | 5.67 KB |
MD5:
d3d2fb7d5d5c2dd2d48c4e8ffbdf8eb1
SHA1: 0d5561c4b18b1f1369cd186a8646868ef08198c6 SHA256: b4b57aa0a8ba2fb31dc5ac9baa4a42062a954e83931d1b1a5ef0602b635cc321 SSDeep: 96:o6Y+LjpKZdOay1cw4DGgUOzkH8pwqYrIXxOIrurincTGXadO94lstr:+6NsdAuJUu08kIMKSicTddOGYr |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 2.54 KB |
MD5:
d6cb2e60b7e7c3ee9568f3ee2a539da9
SHA1: 7b8517942048b8ee84409be7c3192e914a8c7e16 SHA256: 75683d7af0c5b4c2f8ca62d266c4f32ea365af5fd7ce74e64da097a21c61cdab SSDeep: 48:8pSCCcZz+0HeJlKzxCunyQKq3HKNsVWayisR9WGw0/4erW6:KjtHCluxCiL/KOAWGt/h |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[xtron@cock.li].tron | 1.27 KB |
MD5:
710cc38a8565272594082701ec0c516e
SHA1: 74b7350ed865ceaab34411108d7b64d44f351453 SHA256: 6f2955f0f5f41f6b58efc337b019e6509789e4351dcc39dcdaef0046201b55d0 SSDeep: 24:aLzw9ZqgT6eQMruuV580kDdHQoFIq64oEPcnE4hiO3pwV1Ki9Sq8:qzw9DPrY0kDCoFyH3nPh/LiB8 |
|
|
| C:\Boot\BOOTSTAT.DAT.id-9C354B42.[xtron@cock.li].tron | 64.25 KB |
MD5:
9b977a68613f446d551498c31d9fe1ad
SHA1: ea5034c6a632e74f5291ea96f942d7b7ce7c034f SHA256: 51427dba6187982bfcaacad0bf13895987a146d8ad6c708c884ba516acaf2fb3 SSDeep: 1536:nELBpveRiNx0Lewwfvlao1m74JpE8OG6BCqQNWEcLbPMIj+wJVSz:nEL3WRw0LewmXe4JpXcCnWECPP+wJVY |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
3d0e1f18676626331ffefafe53b18248
SHA1: 80d370bf723a4b00b769c1a7266d63de82280ab0 SHA256: 9ceac29cec7a9772266c3c6ed68bc7f25dcb38c12c388fe9f21e58890e9cf26f SSDeep: 196608:PFNUxdiOm1j3/abCsYwFOSQo2pWDOQs4hW6s63HS:qPmN3/abtYIQoROQ93RS |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[xtron@cock.li].tron | 3.36 KB |
MD5:
fdf3743cc6f4c3d5853328f331c804c0
SHA1: be7ff72d6001dee2756b64750da80afb506c128d SHA256: 7650e2f089c665cee8b9918b755b3a5e32aac9e02ba1838ca53fe4e7b761e965 SSDeep: 48:7UuHGG0U4ZCpxShSb5XwdT+byMdmRMd6UxKKAfEiZcB91Y/IomauP8kCNSS5ae7h:rh0Uh8SdggbpmknKXRZcfo5pnae1 |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[xtron@cock.li].tron | 848.75 KB |
MD5:
26d54ff3ce216956960e2f52dea0e13d
SHA1: 6a7fb11b2dd1e40451e7891bdb7618092e557a88 SHA256: 157cbd942eda1d7602acb54858632f0e7d9a50acf77d4d34b12af7d16fb193dc SSDeep: 24576:DmYq5cpMQv+azjTLSd121QsycHGyM6BcElXjcKKj:TOOMQvzzjTLawpCx6BcEM |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[xtron@cock.li].tron | 6.51 KB |
MD5:
b9e9291923a96012a19826e5e0e87e16
SHA1: e430baae3c9986e53c2dbf14702e2631d0aaa053 SHA256: 3ee8785a5df561a5ea7a28c40093df60f250b62eb965f152db42559846b8a294 SSDeep: 96:ZSBR3M+Jjk0myGZ+xc0ht2UKoCZSpeWUKtAfpNWp811ZAv+rYVxugDr:Q/8+jk01GGTsocgMcABNDsv+rYdDr |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | 2.47 KB |
MD5:
ee6d5c9daf7a662a6bc8adad742fe0a0
SHA1: 4af6e531f9cf0a4bead0776b4883e702812285af SHA256: 463059bbb48d6c4fc5577ade5c0a9127389e946e671715393a360ab921a5c22c SSDeep: 48:rEjAVJZZQapUxIhdem6KJxQJxSNqL/y2+EmrOVFt253+eh+kyyPrB6:rEUVJA0mudhQJMQ/DkiVFO3bh+kLI |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
f73e4dd3dae50a07b54af13e715a926d
SHA1: 80cc25c1a8f211dc580d145b97226a8282caa49b SHA256: f14176b003a53d28f7f793d20632bbffb438ed804881be86e40c2754ca02a94f SSDeep: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+Dvnzi:MUvTiNhU4L7tZiTnprP0txRsDvzi |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.60 KB |
MD5:
04f0d9a247558e6ae4414ef0bfc55921
SHA1: 7b70d102f93c1e18e76066399b057751910c560a SHA256: 2e83708588a9ddc2cdbeda3af11fe3e62c2ea5ba83fc3f74aeebf26d1134401d SSDeep: 48:Al1rAWbbuoJw7PJa6R9WF4Y0Xz1bT+VV81eJpe:A8WbbEaQ9WF4Y0XH |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
6b078cbccbab0d5edeaa1d85f11ba58a
SHA1: 66820f091ea72f244d2d2019748cbda0b7b9702d SHA256: 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 SSDeep: 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT |
|
|
| C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[xtron@cock.li].tron | 0.37 KB |
MD5:
2873fe01d766d63121adb08c8a87a64f
SHA1: aaeadca54add6462dae6c5efd886838636ae6d71 SHA256: c627987eda499dfa76845c93c398987048eaf38d5b685ab1215f30121a560439 SSDeep: 6:qxgrRKsInDc98IcAvsWRRbeiEF6WCSVEw67SQCsjQ+Wht:UgtJInAfcAv3hebkG27SqQ+Wr |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 2.18 KB |
MD5:
f49ca682214944f434098212bde337da
SHA1: dc60b35704ff7938043a139d7e10eb8cab68f74b SHA256: 851ed0f3b22743ae37322216888e2ae2b4f6988fc293e61250d9bad484b2b84f SSDeep: 48:Y9LYSs3INv4x4NM+TpnRe1ZkZ6MnP03Q1VfXrpr66:Y1fgavFn2QDQ+1rpd |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[xtron@cock.li].tron | 1.55 KB |
MD5:
99d6b8d7c0c38b5aa29ae50637dac9ed
SHA1: 1675969adae12f45cd852cf0a4d9ad52cc8cb0b4 SHA256: a318cf61921c92396b8526333fd353cf2d206516f448c2209cdc0d78b99bb1d3 SSDeep: 48:5EMX3dVUhAfLek3gzeKyYtw9d1qJR8mttP6:6MX3d1fLeugzjQzADC |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[xtron@cock.li].tron | 26.79 KB |
MD5:
71257352c2270067e100421279d3c28c
SHA1: af34517f40a1ef734729dcf8389129bf667beb42 SHA256: 51ba4d7730e6ce8269c6a7d64ba511d59eb0e087d1ff47ce7e40d7daecbcc598 SSDeep: 768:eOhDqf9KWPSSsym+xI5Eftob+pLxAzLgA:3hmffPSSdm+xCO4+RxMR |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[xtron@cock.li].tron | 1.66 KB |
MD5:
76d52798c05d67b70cde4f240469c09b
SHA1: bff9ff04176fba2ba7e8a938ae5e962e268eb2b4 SHA256: 09757a8e2fd71b6356b73f819674c4b9a4876fe8367d0e740c70c22c06ae4975 SSDeep: 24:DTOMcOgmexcvZtC9+a8h9JQv2+eAg6vREQtwmvWDSq6:DPmlSZtC9Sm2Wg6vRPwm+f6 |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.66 KB |
MD5:
bdcdf0c366acb2b9d2908634d303ddf6
SHA1: 456b3f679d79fc015d5b571fea4b84f53b251645 SHA256: 927ebf03883336efccd8c51b7df38a2661e82ec0fd547f047b5086192aa57cf7 SSDeep: 48:QFR5GGBjp/i4Rnwj4IfRX3n+2DFu6M8teJkK:QFR5Z9i4Jwjd3+2Ej |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 6.33 KB |
MD5:
b4f32f504ac9eea7ff701b2ecaddac5e
SHA1: 52b9c737aeda25df7904fee76c4be4027d8c26be SHA256: ae83d3fd4af2ee5e2ea6ffb17604f8df1acdf0a2aeea96ff4b5923d5f93e39a0 SSDeep: 192:Yz4b3DHZ82UzOMlN2Y2BAmfQcX9zerd3yp5XV4b:Y83LfzMaty8zX9Wd3ynub |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 30.60 KB |
MD5:
2c192b4ee0c7012b716c2925ac832928
SHA1: 808ea5baa8d158b6f455a1ca165533aeb05a5853 SHA256: a2049dc3d595265729b445a819c26ca19c8e1cfe185b9c204a6f19e497e4d212 SSDeep: 768:uIJOXQJog+1GRZBcwKk08O9Bf7eH8n1RusWDwY9HaQ:uIJOcoX1sZBcm08OTf7eH81R9WH96Q |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[xtron@cock.li].tron | 3.16 MB |
MD5:
46d2df4035faa6a219ab85169d4f583c
SHA1: 70b570706cf5780710cd65b5c97e2acb6fdd1496 SHA256: 1c277c08104a50ac6395b1afa90cf5f2d9b16a80df016822a065b101a63f3c4e SSDeep: 49152:zDxL8QBoSTex4S120ytJyo+2M1W4uVx+gjASS:zR89r1wHB/VxG |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.66 KB |
MD5:
3752654c85c1eff45272e0722d250d4f
SHA1: ae7f2d6e6c43340d33aa2404dbadc93b3aa6f676 SHA256: 7e3f47c6f89d25d4f6da68cdd9f3df21a87a0b6cfafb952c64249ae0bae22c0a SSDeep: 48:chGb4qBzy0dBhHAT6gSjX6jNTFllGeJGY/l:cF0dB18BlL |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[xtron@cock.li].tron | 1.03 KB |
MD5:
ba9d97de035c1d6e9a1ceb69e3cbb36e
SHA1: a355a01262db7951e180bd287288a171951496dd SHA256: 8a93a6754a547d26c5b4badcc07976dedc74faf96fd4ac10153e5ed0f68017aa SSDeep: 24:w0Y4fC54f424Qw67u1PphQA0MoJVNyg9VYGASqgt:dzC5R2e67oPphQA1+Nyg9VYjg |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.76 KB |
MD5:
7d8df4ea91237650ffa2c10b75da47a3
SHA1: c91a6a43374f1d8446f365cebd63e501c44e1873 SHA256: 353e9ea7c4d76665ba91ba7f61ec8294228eebe1c8eac69d05624d5ae951e687 SSDeep: 48:JZETH8a1huNb1QVzSeNAXwsjE4Zp+eJ4g:Od1scOhXC4f5 |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 2.07 KB |
MD5:
b5740004014289f66b37cea43ac84be7
SHA1: f9095d279f836b03f06ab7e1b2a3f26b310816b7 SHA256: 53bf55e96d2c774c4c87b054e7c73dcaadef00a71a20356f8788b98d36578c43 SSDeep: 48:mADWDP44MF467LTXbnIzI6Y2D+G5PXc+W1tLi1A4nrJ6:nWDXMn7L/4g2DrunTMpnw |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[xtron@cock.li].tron | 582.61 KB |
MD5:
f27fe0b6d9f73d8f472b0b23776dcfea
SHA1: ccbd9a349627a271e0fca8c601846f39b963a9f1 SHA256: 2ff4138838783a78d313d799d1194efd64275750bbf57d87ddc609e36e22e202 SSDeep: 12288:Xl/+lXhqWRIcRX9U1iQZZiq+mqq4feLdFgypN3R:Xl/eRqWRBr1q+mqqLLfgypN3R |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 1.65 KB |
MD5:
0f73388a84adc32fba0fd61c6af64919
SHA1: f01ef160b4ac4218221828e290d60b44359bf7bc SHA256: 9710aabd94283d22b6df20958c239811a7dee5ca1a3091d09cfde8fc24546d7d SSDeep: 48:cqrEq2EreLYeo3WJcD81M2d9kb44G7irgV6:cqIq/rgYUagkg20w |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[xtron@cock.li].tron | 1.44 KB |
MD5:
37288f13be9e58340daeec56bd354aea
SHA1: a111ddb9865f91cc49bf8332a9b052be585b974f SHA256: 5ee7682aa23b825655cced689fbb03e8c323fb58764f75e130319c087292ca53 SSDeep: 24:PEyZWegNnB6YA1OcOLvfOm2ruRIwV/3r4ePEUuH3zNE/Uf/eJVSqe:8GCNB6fXOzWsRh3UaSxL/eJJe |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[xtron@cock.li].tron | 1.56 KB |
MD5:
7dac0b76a39da319eef6facc5dd32074
SHA1: 49478a95c3053130b15c2ea5ec7e4990f3e5f765 SHA256: 24ee3b46e2e335d5a689169aa691573b98affc4efb992454a216bc1528595533 SSDeep: 24:AHr8IPEEK514H8trDNJHq0ednmlHa79s4XBuypDsji9RDFeGWSKaqSqi:Cr8/P1Owr5JHsnmlHapXzp1fMQKti |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 16.52 KB |
MD5:
4f6b4e203e3bb183a90dcd5247ac0d7a
SHA1: fadbca5e05e9106fd347ab0bf8880661601b9fd7 SHA256: 5eff4569e711331892a9b56d399efcff093fcae3364a2fa2f7cf3f4533150ca8 SSDeep: 384:BWGeI1p+YDLZp1nPpqyA7pvqrLdfKw75DD4JnFZhqxvL:BWGnVDr1nPpqyAdyrRfwfS |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 2.80 KB |
MD5:
d6a22fc8c77ad97f9428dceb0f9263b5
SHA1: 769fede417ef14086a2214c070dddcd27e1c8870 SHA256: ec1eeee932a650065a8f056e74ed4b8d74780ab21f44aa4401f824b5c87fb899 SSDeep: 48:XBxXdZVb34Ks53LXn5BnHIQpLzLN8rzW6Y+T27H9g0/skT3TlxTHxv8Urw6:f934NX5BnbJzKrQcsdhTf18Uz |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | 4.42 KB |
MD5:
0f17b4db9ea5560e7c4e2754a3ec4a37
SHA1: bef26a13eed6c2814ed90a0929f3f5a66aded7dd SHA256: 11bcad750fbca550fbdc3e445202e13066071dc13ac87265893257f42755760c SSDeep: 96:ANjLA4KIlwpz3rw5r5+KyNqmE7K26HxFTlEBttoK3DU:ANj2IiUOEeBHxQtK2w |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[xtron@cock.li].tron | 582.61 KB |
MD5:
9555dc1dd3294b26cfe6d3b436f8ebae
SHA1: 2f730d6b92c40ae6358020811402a925846c7f1f SHA256: 14a353b453dfa074528724d8c9e01648b0413b321cefdc828586f57ddf83075b SSDeep: 12288:Z2OUe2VMyJm1NE+R/YcgO3HZWirF16vp7vJMLAlTbkwnN40E:ZD26I+EyQerF2pdtbkG40E |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[xtron@cock.li].tron | 10.00 MB |
MD5:
06e69471c0bb81eb102e539f0a04490d
SHA1: e0e8dbed58bcba38c03ab546d7753d1f973df44f SHA256: b53484f0eccebe76bbdf0262097d8f747d5a05d0e569a544452eb328aada91bc SSDeep: 196608:iaDH9F7/iHXDI2CPKBUq6qMuGm9vqExoi93nnedBwzSlmKwDhANZbPhn:DDdFDX2J5uuGyCfi9uIQmlANRh |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[xtron@cock.li].tron | 1.14 KB |
MD5:
9afd60e53b428387350dc94298ead888
SHA1: 4f1b90551609767bd7f9f242e00fba657b66eb1d SHA256: 7e32e2c3d97b7ec5967a6497673481d53a53e730f521915da48a77cf538565e0 SSDeep: 24:YXnnt/a5HZ8yXCEln8WgnAgm7lR5wO+cyjKNSqi:CnnpMKyXCElkET5HwjKxi |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[xtron@cock.li].tron | 1.05 KB |
MD5:
b22a94cfd216384853af456f5d11376d
SHA1: e67dc255d9db49f4cd96823c495d880bd1b23331 SHA256: cfb305543ccbeace03cdfd5843e911963d20eb00dfa7cd62bcb2e6fe9aea15b8 SSDeep: 24:QomNkntI5KPj0ZYLn2Vz4vV07jhYfXS2TmTSqY/l:QoxtIkJCduV0YS2TmPY/l |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[xtron@cock.li].tron | 8.76 KB |
MD5:
3c353e3a99ad7d13d5f0481db2730b4c
SHA1: 8d47e14f2e3d5a7abd057be97e3c68e4201b2d35 SHA256: 7936f8099087c6eb78c50657073a8426e5e6ed2c63c4765222b997433d98c051 SSDeep: 192:9/hwjHSv6cHaXvNb62KOkKu53FMUVUnMbzby86DvvEgNW41dOo5SOhId:1hw5l9j8VUoby8KvvzZ1dOkru |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[xtron@cock.li].tron | 1.05 KB |
MD5:
7e9422020f0821bb2a39255547f1678b
SHA1: f7ac8ed619a9455e1a4494e25c2b2af7a02caecd SHA256: d137378694a547c7c2243e6d16bcd05db53a8ea264e347d8e00eb0c2bf159d0f SSDeep: 24:kCMdERrGojTlL5R/+SQLq8hbaNVrtf3xWS2T4SqY/l:kCc4BVRAewEXL2T2Y/l |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | 2.47 KB |
MD5:
2bd39798ade48f11042527b6a2c5db4b
SHA1: dae67abc591f0d73d5b961c171404744b1911497 SHA256: 2370ecd4773bdd459b682defd66578188144d8b1d3116e8c9d4fb46e841c3c67 SSDeep: 48:F2Tq7lSdhxryamj9JhifTmIJ/kXPgL5UGXKJ3pUDS1RVrbB6:FEqo9okKIuPgLWIKrUeTns |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[xtron@cock.li].tron | 1.66 KB |
MD5:
b37da81f0f7707256167c242de44849e
SHA1: 7c2375dbe2cf16ef4512f77f6eabab0a9a265a91 SHA256: 1e4a8e150cea447416d3856e6453aacff243162ac5c595ebc6ee19b95794f739 SSDeep: 48:b1QJBPPVzIsNuomPcPe8byaOgXQ8fsBLt06:bSJrjMueHuQp5 |
|
|
Host Behavior
File (2799)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Windows\System32\w2rujjry.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG1 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BCD.LOG2 | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\BOOTSTAT.DAT.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\BOOTSECT.BAK.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF | desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[xtron@cock.li].tron | desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Create Pipe | Anonymous read pipe | size = 0 |
|
1 | |
| Get Info | C:\Boot\BCD.LOG1 | type = size, size_out = 129 |
|
1 | |
| Get Info | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | type = file_attributes |
|
1 | |
| Get Info | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Boot\da-DK\bootmgr.exe.mui | type = size, size_out = 87616 |
|
1 | |
| Get Info | C:\Boot\da-DK\bootmgr.exe.mui | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\da-DK\bootmgr.exe.mui.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\de-DE\bootmgr.exe.mui | type = size, size_out = 91712 |
|
1 | |
| Get Info | C:\Boot\de-DE\bootmgr.exe.mui | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\de-DE\bootmgr.exe.mui.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\el-GR\bootmgr.exe.mui | type = size, size_out = 94800 |
|
1 | |
| Get Info | C:\Boot\el-GR\bootmgr.exe.mui | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\el-GR\bootmgr.exe.mui.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\en-US\bootmgr.exe.mui | type = size, size_out = 85056 |
|
1 | |
| Get Info | C:\Boot\en-US\bootmgr.exe.mui | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\en-US\bootmgr.exe.mui.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\en-US\memtest.exe.mui | type = size, size_out = 43600 |
|
1 | |
| Get Info | C:\Boot\en-US\memtest.exe.mui | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\en-US\memtest.exe.mui.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\es-ES\bootmgr.exe.mui | type = size, size_out = 90192 |
|
1 | |
| Get Info | C:\Boot\es-ES\bootmgr.exe.mui | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\es-ES\bootmgr.exe.mui.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[xtron@cock.li].tron | type = size, size_out = 65536 |
|
1 | |
| Get Info | C:\Boot\BOOTSTAT.DAT | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\BOOTSTAT.DAT.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\BCD.LOG2 | type = size, size_out = 0 |
|
1 | |
| Get Info | C:\Boot\BOOTSTAT.DAT | type = size, size_out = 89168 |
|
1 | |
| Get Info | C:\Boot\cs-CZ\bootmgr.exe.mui | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\cs-CZ\bootmgr.exe.mui.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi | type = size, size_out = 2503680 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Boot\BOOTSTAT.DAT.id-9C354B42.[xtron@cock.li].tron | type = size, size_out = 8192 |
|
1 | |
| Get Info | C:\BOOTSECT.BAK | type = file_attributes |
|
1 | |
| Get Info | C:\BOOTSECT.BAK.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | type = size, size_out = 2506240 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | type = size, size_out = 70361744 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | type = size, size_out = 1565 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | type = size, size_out = 1450 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 2296 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 1886 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | type = size, size_out = 1450 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 1608 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | type = size, size_out = 3186 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 4207 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | type = size, size_out = 2513920 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | type = size, size_out = 1347 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | type = size, size_out = 1800 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | type = size, size_out = 9958388 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab | type = size, size_out = 1457 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | type = size, size_out = 1458 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | type = size, size_out = 811 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 5884 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | type = size, size_out = 1383 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 2362 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | type = size, size_out = 1231 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 1852 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 2424 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | type = size, size_out = 1606 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 6241 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | type = size, size_out = 9503 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 1988 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | type = size, size_out = 1452 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 1872 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | type = size, size_out = 913 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 1452 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | type = size, size_out = 14819276 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | type = size, size_out = 2865664 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | type = size, size_out = 819 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | type = size, size_out = 27195 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | type = size, size_out = 67190 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 9352 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | type = size, size_out = 596341 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | type = size, size_out = 1349 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | type = size, size_out = 43806141 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | type = size, size_out = 596341 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | type = size, size_out = 5557 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | type = size, size_out = 819 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 2624 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | type = size, size_out = 2522624 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | type = size, size_out = 4274 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | type = size, size_out = 6421 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | type = size, size_out = 16852 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 31094 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | type = size, size_out = 4274 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 16683 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | type = size, size_out = 4274 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | type = size, size_out = 20577 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | type = size, size_out = 11482605 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | type = size, size_out = 875520 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | type = size, size_out = 8723 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | type = size, size_out = 15067 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | type = size, size_out = 1069 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | type = size, size_out = 1061 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | type = size, size_out = 1682 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | type = size, size_out = 89600 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | type = size, size_out = 27045 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | type = size, size_out = 791686 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml | type = size, size_out = 13642474 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | type = size, size_out = 881152 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[xtron@cock.li].tron | type = size, size_out = 33280 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | type = size, size_out = 21064532 |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab | type = file_attributes |
|
1 | |
| Get Info | C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi | type = size, size_out = 31744 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi | type = size, size_out = 222208 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi | type = size, size_out = 194048 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | type = size, size_out = 1600388 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | type = size, size_out = 224256 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | type = size, size_out = 197120 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | type = size, size_out = 62976 |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.id-9C354B42.[xtron@cock.li].tron | type = file_attributes |
|
1 | |
| Get Info | C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml | type = size, size_out = 212 |
|
1 | |
| Write | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[xtron@cock.li].tron | size = 144 |
|
1 | |
| Write | C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[xtron@cock.li].tron | size = 15072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[xtron@cock.li].tron | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[xtron@cock.li].tron | size = 1072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[xtron@cock.li].tron | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[xtron@cock.li].tron | size = 1696 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[xtron@cock.li].tron | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1072 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[xtron@cock.li].tron | size = 224 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | size = 881168 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[xtron@cock.li].tron | size = 1952 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[xtron@cock.li].tron | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 2304 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[xtron@cock.li].tron | size = 786688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[xtron@cock.li].tron | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[xtron@cock.li].tron | size = 832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[xtron@cock.li].tron | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 1856 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 242 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 5568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[xtron@cock.li].tron | size = 832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[xtron@cock.li].tron | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[xtron@cock.li].tron | size = 37696 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[xtron@cock.li].tron | size = 71248 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[xtron@cock.li].tron | size = 226 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 2640 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[xtron@cock.li].tron | size = 596352 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[xtron@cock.li].tron | size = 27200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[xtron@cock.li].tron | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1392 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 242 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 2368 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[xtron@cock.li].tron | size = 67200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 9360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 2000 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1616 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 4208 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 3200 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 246 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 1888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[xtron@cock.li].tron | size = 26944 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[xtron@cock.li].tron | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[xtron@cock.li].tron | size = 4288 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[xtron@cock.li].tron | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[xtron@cock.li].tron | size = 6432 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[xtron@cock.li].tron | size = 238 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[xtron@cock.li].tron | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 1888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[xtron@cock.li].tron | size = 1472 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[xtron@cock.li].tron | size = 1472 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[xtron@cock.li].tron | size = 816 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[xtron@cock.li].tron | size = 16864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[xtron@cock.li].tron | size = 240 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 31104 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 6256 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 16688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 20592 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 1616 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[xtron@cock.li].tron | size = 8736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[xtron@cock.li].tron | size = 11472 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 1808 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 5888 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 2432 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[xtron@cock.li].tron | size = 1856 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[xtron@cock.li].tron | size = 39024 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[xtron@cock.li].tron | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[xtron@cock.li].tron | size = 2688 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[xtron@cock.li].tron | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[xtron@cock.li].tron | size = 8928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[xtron@cock.li].tron | size = 230 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[xtron@cock.li].tron | size = 656 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[xtron@cock.li].tron | size = 8576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[xtron@cock.li].tron | size = 228 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[xtron@cock.li].tron | size = 227312 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[xtron@cock.li].tron | size = 232 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[xtron@cock.li].tron | size = 1048560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1584 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[xtron@cock.li].tron | size = 134864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | size = 519600 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 25248 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 34928 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 2192 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 868880 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 20640 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 244 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 33024 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1936 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 27408 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 19792 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 2864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 31840 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 2736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 43280 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 960 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 29936 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1376 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 32608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 3488 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 20576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1296 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1296 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 28608 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 2048 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 20384 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | size = 415024 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 262144 |
|
2 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 25120 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 26416 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1360 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 32448 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 5136 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 32416 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 60736 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 33280 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | size = 786690 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 3968 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 33568 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 5184 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 19488 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 18832 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 2560 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1664 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 262144 |
|
3 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1392 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 18416 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 2480 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 1376 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 2576 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[xtron@cock.li].tron | size = 234 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 48128 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 37456 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 44864 |
|
1 | |
| Write | C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[xtron@cock.li].tron | size = 236 |
|
1 | |
| Delete | C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml | - |
|
1 | |
|
For performance reasons, the remaining 1641 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (8)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = 83, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Write Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | value_name = w2rujjry.exe, data = C:\Windows\System32\w2rujjry.exe, size = 64, type = REG_SZ |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb14, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 |
Module (139)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x75a20000 |
|
2 | |
| Load | KERNEL32.dll | base_address = 0x75a20000 |
|
1 | |
| Load | NTDLL | base_address = 0x77850000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x75b30000 |
|
1 | |
| Load | user32.dll | base_address = 0x756f0000 |
|
1 | |
| Load | Shell32.dll | base_address = 0x76670000 |
|
1 | |
| Load | ntdll.dll | base_address = 0x77850000 |
|
1 | |
| Load | mpr.dll | base_address = 0x74030000 |
|
1 | |
| Load | ws2_32.dll | base_address = 0x764c0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75a20000 |
|
16 | |
| Get Filename | - | process_name = c:\windows\syswow64\msiexec.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\w2rujjry.exe, size = 32767 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75a31222 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleW, address_out = 0x75a334b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x75a354ee |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x75a34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileW, address_out = 0x75a49af0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileSizeEx, address_out = 0x75a359e2 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x75a34950 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileAttributesW, address_out = 0x75a31b18 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75a37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x75a35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameW, address_out = 0x75a3dd0e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetComputerNameA, address_out = 0x75a4b6e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateMutexW, address_out = 0x75a3424c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenW, address_out = 0x75a31700 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x75a35a4b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x75a31809 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x75a31136 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalDrives, address_out = 0x75a35371 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x75a3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x75a389b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x75a3170d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x75a31916 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x75a310ff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77872270 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75a33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x75a33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenMutexW, address_out = 0x75a35151 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x778722b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForMultipleObjects, address_out = 0x75a34220 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiW, address_out = 0x75a4d5cd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcmpiA, address_out = 0x75a33e8e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x778845f5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReleaseMutex, address_out = 0x75a3111e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75a31410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersion, address_out = 0x75a34467 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75a334d5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExpandEnvironmentStringsW, address_out = 0x75a34173 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x75a31725 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceFrequency, address_out = 0x75a341f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x75a311f8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x75a4d4f7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVolumeInformationW, address_out = 0x75a4c860 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75a31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x75a4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address_out = 0x75a4ce2e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x75a34435 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x75a314e9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address_out = 0x77891f6e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x7787e026 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x75a314c9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreatePipe, address_out = 0x75ab415b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetHandleInformation, address_out = 0x75a4195c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x75a3103d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringW, address_out = 0x75a33bca |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringA, address_out = 0x75a33c5a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = OpenProcess, address_out = 0x75a31986 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address_out = 0x75a4d802 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTime, address_out = 0x75a35a96 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SystemTimeToFileTime, address_out = 0x75a35a7e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x75a311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateToolhelp32Snapshot, address_out = 0x75a5735f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32NextW, address_out = 0x75a5896c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Process32FirstW, address_out = 0x75a58baf |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExW, address_out = 0x75b4468d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExW, address_out = 0x75b446ad |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExW, address_out = 0x75b414d6 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x75b4469d |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x75b44304 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = GetTokenInformation, address_out = 0x75b4431c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenSCManagerW, address_out = 0x75b3ca64 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenServiceW, address_out = 0x75b3ca4c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = CloseServiceHandle, address_out = 0x75b4369c |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ControlService, address_out = 0x75b57144 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = QueryServiceStatus, address_out = 0x75b42a86 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EnumDependentServicesW, address_out = 0x75b31e3a |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = EnumServicesStatusExW, address_out = 0x75b3b466 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = SystemParametersInfoW, address_out = 0x757090d3 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteExW, address_out = 0x76691e46 |
|
1 | |
| Get Address | c:\windows\syswow64\ntdll.dll | function = NtQuerySystemInformation, address_out = 0x7786fda0 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x74032dd6 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumW, address_out = 0x74032f06 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceW, address_out = 0x74033058 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = WSAStartup, address_out = 0x764c3ab2 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = socket, address_out = 0x764c3eb8 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = send, address_out = 0x764c6f01 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = recv, address_out = 0x764c6b0e |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = connect, address_out = 0x764c6bdd |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = closesocket, address_out = 0x764c3918 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = gethostbyname, address_out = 0x764d7673 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = inet_addr, address_out = 0x764c311b |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = ntohl, address_out = 0x764c2d57 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = htonl, address_out = 0x764c2d57 |
|
1 | |
| Get Address | c:\windows\syswow64\ws2_32.dll | function = htons, address_out = 0x764c2d8b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x75a4d650 |
|
16 |
Service (54)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
4 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
2 |
System (176)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Sleep | duration = 500 milliseconds (0.500 seconds) |
|
17 | |
| Sleep | duration = -1 (infinite) |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
16 | |
| Get Time | type = Ticks, time = 168465 |
|
3 | |
| Get Time | type = Ticks, time = 169401 |
|
2 | |
| Get Time | type = Ticks, time = 169588 |
|
2 | |
| Get Time | type = Ticks, time = 169994 |
|
2 | |
| Get Time | type = Ticks, time = 170337 |
|
2 | |
| Get Time | type = Ticks, time = 170633 |
|
4 | |
| Get Time | type = Ticks, time = 170977 |
|
2 | |
| Get Time | type = Ticks, time = 171101 |
|
2 | |
| Get Time | type = Ticks, time = 171523 |
|
2 | |
| Get Time | type = Ticks, time = 171881 |
|
4 | |
| Get Time | type = Ticks, time = 172084 |
|
2 | |
| Get Time | type = Ticks, time = 172256 |
|
2 | |
| Get Time | type = Ticks, time = 172724 |
|
2 | |
| Get Time | type = Ticks, time = 172958 |
|
4 | |
| Get Time | type = Ticks, time = 173270 |
|
2 | |
| Get Time | type = Ticks, time = 173441 |
|
2 | |
| Get Time | type = Ticks, time = 173785 |
|
2 | |
| Get Time | type = Ticks, time = 174253 |
|
4 | |
| Get Time | type = Ticks, time = 174565 |
|
2 | |
| Get Time | type = Ticks, time = 174721 |
|
2 | |
| Get Time | type = Ticks, time = 175111 |
|
2 | |
| Get Time | type = Ticks, time = 175423 |
|
4 | |
| Get Time | type = Ticks, time = 175563 |
|
2 | |
| Get Time | type = Ticks, time = 175672 |
|
2 | |
| Get Time | type = Ticks, time = 175781 |
|
2 | |
| Get Time | type = Ticks, time = 175891 |
|
2 | |
| Get Time | type = Ticks, time = 176015 |
|
2 | |
| Get Time | type = Ticks, time = 176281 |
|
2 | |
| Get Time | type = Ticks, time = 176702 |
|
4 | |
| Get Time | type = Ticks, time = 176905 |
|
2 | |
| Get Time | type = Ticks, time = 177263 |
|
2 | |
| Get Time | type = Ticks, time = 177497 |
|
2 | |
| Get Time | type = Ticks, time = 177607 |
|
2 | |
| Get Time | type = Ticks, time = 177997 |
|
4 | |
| Get Time | type = Ticks, time = 178433 |
|
2 | |
| Get Time | type = Ticks, time = 178558 |
|
2 | |
| Get Time | type = Ticks, time = 178667 |
|
2 | |
| Get Time | type = Ticks, time = 179198 |
|
4 | |
| Get Time | type = Ticks, time = 179479 |
|
2 | |
| Get Time | type = Ticks, time = 179744 |
|
2 | |
| Get Time | type = Ticks, time = 180118 |
|
2 | |
| Get Time | type = Ticks, time = 180321 |
|
4 | |
| Get Time | type = Ticks, time = 180539 |
|
2 | |
| Get Time | type = Ticks, time = 180695 |
|
2 | |
| Get Time | type = Ticks, time = 180961 |
|
2 | |
| Get Time | type = Ticks, time = 181288 |
|
2 | |
| Get Time | type = Ticks, time = 181694 |
|
4 | |
| Get Time | type = Ticks, time = 181959 |
|
2 | |
| Get Time | type = Ticks, time = 182240 |
|
2 | |
| Get Time | type = Ticks, time = 182552 |
|
2 | |
| Get Time | type = Ticks, time = 182755 |
|
4 | |
| Get Time | type = Ticks, time = 183082 |
|
2 | |
| Get Time | type = Ticks, time = 183597 |
|
2 | |
| Get Time | type = Ticks, time = 183784 |
|
4 | |
| Get Time | type = Ticks, time = 184112 |
|
2 | |
| Get Time | type = Ticks, time = 184502 |
|
2 | |
| Get Time | type = Ticks, time = 184689 |
|
2 | |
| Get Info | type = Operating System |
|
2 |
Mutex (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Create | mutex_name = Global\syncronize_60E10XA |
|
1 | |
| Create | mutex_name = Global\syncronize_60E10XU |
|
1 | |
| Open | mutex_name = Global\syncronize_60E10XA, desired_access = SYNCHRONIZE |
|
1 | |
| Open | mutex_name = Global\syncronize_60E10XU, desired_access = SYNCHRONIZE |
|
1 |
Process #3: cmd.exe
245
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:50, Reason: Child Process |
| Unmonitor | End Time: 00:02:14, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb14 |
| Parent PID | 0xab8 (c:\windows\syswow64\msiexec.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B18
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x00100000 | 0x00110fff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002b0000 | 0x002b0000 | 0x003affff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0053ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000540000 | 0x00540000 | 0x006c7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006d0000 | 0x006d0000 | 0x00850fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000860000 | 0x00860000 | 0x01c5ffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001c60000 | 0x01c60000 | 0x01fa2fff | Pagefile Backed Memory | r |
|
|
|
- |
| basebrd.dll | 0x01fb0000 | 0x02077fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000002080000 | 0x02080000 | 0x02472fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x02480000 | 0x0274efff | Memory Mapped File | r |
|
|
|
- |
| cmd.exe | 0x49f50000 | 0x49fa8fff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x77450000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77550000 | 0x7766efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff7000 | 0x7fff7000 | 0x7fff7fff | Private Memory | rw |
|
|
|
- |
| winbrand.dll | 0x7fef42c0000 | 0x7fef42c7fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd920000 | 0x7fefd98afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefdb10000 | 0x7fefdbaefff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdc90000 | 0x7fefdcf6fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdd00000 | 0x7fefddc8fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe0a0000 | 0x7fefe1a8fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefe350000 | 0x7fefe35dfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7feff950000 | 0x7feff97dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feff990000 | 0x7feff990fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffdd000 | 0x7fffffdd000 | 0x7fffffdefff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdf000 | 0x7fffffdf000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Host Behavior
File (182)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
11 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
5 | |
| Open | STD_OUTPUT_HANDLE | - |
|
25 | |
| Open | STD_INPUT_HANDLE | - |
|
69 | |
| Read | STD_INPUT_HANDLE | size = 1, size_out = 1 |
|
60 | |
| Write | STD_OUTPUT_HANDLE | size = 36 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 63 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (4)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\mode.com | os_pid = 0xb5c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\vssadmin.exe | os_pid = 0xb70, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | C:\Windows\system32\mode.com | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Get Info | C:\Windows\system32\vssadmin.exe | type = PROCESS_BASIC_INFORMATION |
|
1 |
Memory (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Read | C:\Windows\system32\mode.com | address = 0x7fffffd4000, size = 896 |
|
1 | |
| Read | C:\Windows\system32\vssadmin.exe | address = 0x7fffffd3000, size = 896 |
|
1 |
Module (10)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | NTDLL.DLL | base_address = 0x77670000 |
|
1 | |
| Get Handle | c:\windows\system32\cmd.exe | base_address = 0x49f50000 |
|
1 | |
| Get Handle | c:\windows\system32\kernel32.dll | base_address = 0x77550000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetThreadUILanguage, address_out = 0x77566d40 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = CopyFileExW, address_out = 0x775623d0 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = IsDebuggerPresent, address_out = 0x77558290 |
|
1 | |
| Get Address | c:\windows\system32\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x775617e0 |
|
1 | |
| Get Address | c:\windows\system32\ntdll.dll | function = NtQueryInformationProcess, address_out = 0x776c14a0 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2018-11-07 00:00:55 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 169307 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (25)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
8 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
3 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
3 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
2 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
2 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: mode.com
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\mode.com |
| Command Line | mode con cp select=1251 |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:53, Reason: Child Process |
| Unmonitor | End Time: 00:01:58, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb5c |
| Parent PID | 0xb14 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B4C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x00050fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000060000 | 0x00060000 | 0x00060fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x000effff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x000f0000 | 0x00100fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00116fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000120000 | 0x00120000 | 0x00121fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x0022ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00230000 | 0x00296fff | Memory Mapped File | r |
|
|
|
- |
| ulib.dll.mui | 0x002a0000 | 0x002d7fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x0034ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x0044ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000450000 | 0x00450000 | 0x005d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000005e0000 | 0x005e0000 | 0x00760fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000770000 | 0x00770000 | 0x01b6ffff | Pagefile Backed Memory | r |
|
|
|
- |
| user32.dll | 0x77450000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77550000 | 0x7766efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| mode.com | 0xff600000 | 0xff60bfff | Memory Mapped File | rwx |
|
|
|
- |
| ulib.dll | 0x7fef4290000 | 0x7fef42b7fff | Memory Mapped File | rwx |
|
|
|
- |
| ureg.dll | 0x7fef42d0000 | 0x7fef42dbfff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x7fefbf10000 | 0x7fefbf65fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd920000 | 0x7fefd98afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefdb10000 | 0x7fefdbaefff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdc90000 | 0x7fefdcf6fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdd00000 | 0x7fefddc8fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe0a0000 | 0x7fefe1a8fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7fefe330000 | 0x7fefe34efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefe350000 | 0x7fefe35dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff740000 | 0x7feff81afff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feff820000 | 0x7feff94cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7feff950000 | 0x7feff97dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feff990000 | 0x7feff990fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd4000 | 0x7fffffd4000 | 0x7fffffd4fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #5: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:01:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:14, Reason: Self Terminated |
| Monitor Duration | 00:00:15 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb70 |
| Parent PID | 0xb14 (c:\windows\system32\cmd.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B60
0x
B50
0x
B84
0x
758
0x
BBC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x0002ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00033fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000040000 | 0x00040000 | 0x00040fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00050000 | 0x000b6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000c0000 | 0x000c0000 | 0x000c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000000d0000 | 0x000d0000 | 0x000d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| vssadmin.exe.mui | 0x000e0000 | 0x000ecfff | Memory Mapped File | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x0016ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x00170fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x00180fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00190fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x002affff | Private Memory | rw |
|
|
|
- |
| c_1251.nls | 0x002b0000 | 0x002c0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000002d0000 | 0x002d0000 | 0x002d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0042ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000430000 | 0x00430000 | 0x005b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000005c0000 | 0x005c0000 | 0x00740fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000750000 | 0x00750000 | 0x01b4ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001c00000 | 0x01c00000 | 0x01c7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001d00000 | 0x01d00000 | 0x01d7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001d80000 | 0x01d80000 | 0x01dfffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x01e00000 | 0x020cefff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000002160000 | 0x02160000 | 0x021dffff | Private Memory | rw |
|
|
|
- |
| user32.dll | 0x77450000 | 0x77549fff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x77550000 | 0x7766efff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x77670000 | 0x77818fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| vssadmin.exe | 0xffdb0000 | 0xffddcfff | Memory Mapped File | rwx |
|
|
|
- |
| vss_ps.dll | 0x7fef4260000 | 0x7fef4273fff | Memory Mapped File | rwx |
|
|
|
- |
| vsstrace.dll | 0x7fef79b0000 | 0x7fef79c6fff | Memory Mapped File | rwx |
|
|
|
- |
| vssapi.dll | 0x7fef79d0000 | 0x7fef7b7ffff | Memory Mapped File | rwx |
|
|
|
- |
| atl.dll | 0x7fefb070000 | 0x7fefb088fff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x7fefcbb0000 | 0x7fefcbf6fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x7fefceb0000 | 0x7fefcec6fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x7fefd4b0000 | 0x7fefd4befff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrtremote.dll | 0x7fefd5a0000 | 0x7fefd5b3fff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x7fefd920000 | 0x7fefd98afff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x7fefdb10000 | 0x7fefdbaefff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x7fefdbb0000 | 0x7fefdc86fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x7fefdc90000 | 0x7fefdcf6fff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x7fefdd00000 | 0x7fefddc8fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x7fefddf0000 | 0x7fefdff2fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x7fefe000000 | 0x7fefe098fff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x7fefe0a0000 | 0x7fefe1a8fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x7fefe330000 | 0x7fefe34efff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x7fefe350000 | 0x7fefe35dfff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x7feff740000 | 0x7feff81afff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x7feff820000 | 0x7feff94cfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x7feff950000 | 0x7feff97dfff | Memory Mapped File | rwx |
|
|
|
- |
| apisetschema.dll | 0x7feff990000 | 0x7feff990fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x000007fffffb0000 | 0x7fffffb0000 | 0x7fffffd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000007fffffd3000 | 0x7fffffd3000 | 0x7fffffd3fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd6000 | 0x7fffffd6000 | 0x7fffffd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffd8000 | 0x7fffffd8000 | 0x7fffffd9fff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffda000 | 0x7fffffda000 | 0x7fffffdbfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffdc000 | 0x7fffffdc000 | 0x7fffffddfff | Private Memory | rw |
|
|
|
- |
| private_0x000007fffffde000 | 0x7fffffde000 | 0x7fffffdffff | Private Memory | rw |
|
|
|
- |
Process #10: w2rujjry.exe
0
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\w2rujjry.exe |
| Command Line | "C:\Windows\System32\w2rujjry.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:48, Reason: Autostart |
| Unmonitor | End Time: 00:03:05, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x74c |
| Parent PID | 0x6dc (Unknown) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
750
0x
650
0x
408
0x
488
0x
484
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000070000 | 0x00070000 | 0x00070fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000080000 | 0x00080000 | 0x00086fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000090000 | 0x00090000 | 0x00091fff | Pagefile Backed Memory | rw |
|
|
|
- |
| msctf.dll.mui | 0x000a0000 | 0x000a0fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x00000000000b0000 | 0x000b0000 | 0x001affff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001d0000 | 0x001d0000 | 0x0020ffff | Private Memory | rw |
|
|
|
- |
| locale.nls | 0x00210000 | 0x00276fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000280000 | 0x00280000 | 0x002bffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000002c0000 | 0x002c0000 | 0x002c1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000002d0000 | 0x002d0000 | 0x002dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x0035ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000360000 | 0x00360000 | 0x00360fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000370000 | 0x00370000 | 0x00371fff | Pagefile Backed Memory | r |
|
|
|
- |
| oleaccrc.dll | 0x00380000 | 0x00380fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000390000 | 0x00390000 | 0x00391fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x003effff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x0052ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000530000 | 0x00530000 | 0x006b7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000006c0000 | 0x006c0000 | 0x00840fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000850000 | 0x00850000 | 0x0092efff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000950000 | 0x00950000 | 0x0098ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000009d0000 | 0x009d0000 | 0x009dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000009e0000 | 0x009e0000 | 0x00a5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b00000 | 0x00b00000 | 0x00b3ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000b70000 | 0x00b70000 | 0x00baffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000bc0000 | 0x00bc0000 | 0x00bfffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c00000 | 0x00c00000 | 0x00ff2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001010000 | 0x01010000 | 0x0110ffff | Private Memory | rw |
|
|
|
- |
| w2rujjry.exe | 0x011f0000 | 0x01301fff | Memory Mapped File | rwx |
|
|
|
|
| pagefile_0x0000000001310000 | 0x01310000 | 0x0270ffff | Pagefile Backed Memory | r |
|
|
|
- |
| staticcache.dat | 0x02710000 | 0x0303ffff | Memory Mapped File | r |
|
|
|
- |
| sortdefault.nls | 0x03040000 | 0x0330efff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000003310000 | 0x03310000 | 0x0340ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003450000 | 0x03450000 | 0x0354ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000003550000 | 0x03550000 | 0x03892fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000039c0000 | 0x039c0000 | 0x03abffff | Private Memory | rw |
|
|
|
- |
| ieframe.dll | 0x72760000 | 0x731dffff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x73900000 | 0x73977fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73980000 | 0x739fffff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x73a00000 | 0x73a49fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x73bf0000 | 0x73c4bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x73c50000 | 0x73c8efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x73e60000 | 0x73e67fff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x74600000 | 0x74620fff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x74630000 | 0x7467bfff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74780000 | 0x74792fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x747a0000 | 0x74823fff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreeis.dll | 0x74830000 | 0x74834fff | Memory Mapped File | rwx |
|
|
|
- |
| oleacc.dll | 0x74ef0000 | 0x74f2bfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x74f30000 | 0x750cdfff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x750d0000 | 0x751c4fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x751d0000 | 0x751d8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75260000 | 0x752b6fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x752c0000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x753c0000 | 0x75442fff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x75450000 | 0x75494fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x754a0000 | 0x754abfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x754b0000 | 0x7553efff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75570000 | 0x7563bfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75640000 | 0x75685fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75690000 | 0x7573bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75740000 | 0x7579ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757a0000 | 0x758affff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x758e0000 | 0x759d4fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x759e0000 | 0x759f8fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75a40000 | 0x76689fff | Memory Mapped File | rwx |
|
|
|
- |
| setupapi.dll | 0x76690000 | 0x7682cfff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x76830000 | 0x76856fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x76860000 | 0x76871fff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x76880000 | 0x76884fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76890000 | 0x7692ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76940000 | 0x76a3ffff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x76a40000 | 0x76c3afff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x76c40000 | 0x76d5cfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d60000 | 0x76e4ffff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x76e50000 | 0x76f85fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77020000 | 0x7717bfff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x77200000 | 0x7729cfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000772a0000 | 0x772a0000 | 0x77399fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000773a0000 | 0x773a0000 | 0x774befff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
Process #11: w2rujjry.exe
541
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe |
| Command Line | "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:48, Reason: Autostart |
| Unmonitor | End Time: 00:04:25, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:37 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x75c |
| Parent PID | 0x6dc (Unknown) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
760
0x
518
0x
414
0x
410
0x
7EC
0x
77C
0x
5F4
0x
78C
0x
754
0x
638
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000000f0000 | 0x000f0000 | 0x000fffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000100000 | 0x00100000 | 0x0010ffff | Private Memory | rw |
|
|
|
- |
| w2rujjry.exe | 0x00110000 | 0x00221fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000260000 | 0x00260000 | 0x0029ffff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000002a0000 | 0x002a0000 | 0x002dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002e0000 | 0x002e0000 | 0x002effff | Private Memory | - |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x002fffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000300000 | 0x00300000 | 0x0030ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000310000 | 0x00310000 | 0x00310fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000320000 | 0x00320000 | 0x00320fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000330000 | 0x00330000 | 0x0036ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000370000 | 0x00370000 | 0x003affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000003b0000 | 0x003b0000 | 0x0042ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000430000 | 0x00430000 | 0x0043ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000440000 | 0x00440000 | 0x0044ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000450000 | 0x00450000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x00461fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x004affff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000004b0000 | 0x004b0000 | 0x004b0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000004c0000 | 0x004c0000 | 0x005bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005c0000 | 0x005c0000 | 0x005dffff | Private Memory | rw |
|
|
|
- |
| windowsshell.manifest | 0x005c0000 | 0x005c0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000005c0000 | 0x005c0000 | 0x005c6fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000005d0000 | 0x005d0000 | 0x005dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000005e0000 | 0x005e0000 | 0x0061ffff | Private Memory | rw |
|
|
|
- |
| gdipfontcachev1.dat | 0x00620000 | 0x0063afff | Memory Mapped File | rw |
|
|
|
|
| mscorrc.dll | 0x00620000 | 0x00681fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000690000 | 0x00690000 | 0x0078ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000790000 | 0x00790000 | 0x00917fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000920000 | 0x00920000 | 0x00aa0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ab0000 | 0x00ab0000 | 0x01eaffff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001eb0000 | 0x01eb0000 | 0x01eb1fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000001ec0000 | 0x01ec0000 | 0x01ec1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001ed0000 | 0x01ed0000 | 0x01edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001ee0000 | 0x01ee0000 | 0x01eeffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001ef0000 | 0x01ef0000 | 0x01efffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f00000 | 0x01f00000 | 0x01f0ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001f10000 | 0x01f10000 | 0x0200ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002010000 | 0x02010000 | 0x0400ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004010000 | 0x04010000 | 0x040affff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x040b0000 | 0x04131fff | Memory Mapped File | r |
|
|
|
- |
| segoeui.ttf | 0x040b0000 | 0x0412efff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000040b0000 | 0x040b0000 | 0x0412ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000040b0000 | 0x040b0000 | 0x040bffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000040c0000 | 0x040c0000 | 0x040cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000040f0000 | 0x040f0000 | 0x0412ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004140000 | 0x04140000 | 0x0417ffff | Private Memory | rw |
|
|
|
- |
| tahoma.ttf | 0x04180000 | 0x0422afff | Memory Mapped File | r |
|
|
|
- |
| micross.ttf | 0x04180000 | 0x0421ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004240000 | 0x04240000 | 0x0433ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004360000 | 0x04360000 | 0x0439ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000043e0000 | 0x043e0000 | 0x044dffff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x044e0000 | 0x047aefff | Memory Mapped File | r |
|
|
|
- |
| private_0x00000000047b0000 | 0x047b0000 | 0x0496ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000047b0000 | 0x047b0000 | 0x0488efff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000048f0000 | 0x048f0000 | 0x0492ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004930000 | 0x04930000 | 0x0496ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004970000 | 0x04970000 | 0x04a6ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004b00000 | 0x04b00000 | 0x04b3ffff | Private Memory | rwx |
|
|
|
- |
| sortdefault.nlp | 0x04b40000 | 0x04e11fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004e20000 | 0x04e20000 | 0x04f1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004f60000 | 0x04f60000 | 0x0505ffff | Private Memory | rw |
|
|
|
- |
| msjh.ttf | 0x05060000 | 0x06508fff | Memory Mapped File | r |
|
|
|
- |
| msyh.ttf | 0x05060000 | 0x06522fff | Memory Mapped File | r |
|
|
|
- |
| malgun.ttf | 0x05060000 | 0x05482fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000005060000 | 0x05060000 | 0x0525ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x05260000 | 0x05b8ffff | Memory Mapped File | r |
|
|
|
- |
| comctl32.dll | 0x05b90000 | 0x05d2afff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000005b90000 | 0x05b90000 | 0x05dcafff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000005dd0000 | 0x05dd0000 | 0x061c2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000061d0000 | 0x061d0000 | 0x063a4fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000063b0000 | 0x063b0000 | 0x06584fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006590000 | 0x06590000 | 0x06764fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006770000 | 0x06770000 | 0x06944fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000068f0000 | 0x068f0000 | 0x069effff | Private Memory | rw |
|
|
|
- |
| system.windows.forms.dll | 0x6f360000 | 0x6f7f7fff | Memory Mapped File | rwx |
|
|
|
- |
| system.windows.forms.ni.dll | 0x6f800000 | 0x70457fff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x70460000 | 0x70b75fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x70b80000 | 0x7152cfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x71530000 | 0x7275afff | Memory Mapped File | rwx |
|
|
|
- |
| gdiplus.dll | 0x733a0000 | 0x7352ffff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x73900000 | 0x73977fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73980000 | 0x739fffff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x73a00000 | 0x73a49fff | Memory Mapped File | rwx |
|
|
|
- |
| system.runtime.remoting.ni.dll | 0x73ae0000 | 0x73ba4fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x73bf0000 | 0x73c4bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x73c50000 | 0x73c8efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x73e60000 | 0x73e67fff | Memory Mapped File | rwx |
|
|
|
- |
| system.drawing.ni.dll | 0x73ec0000 | 0x7404cfff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x74060000 | 0x740dcfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x741d0000 | 0x7439afff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrtremote.dll | 0x743a0000 | 0x743adfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x743b0000 | 0x743eafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x743f0000 | 0x74405fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x74680000 | 0x74774fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74780000 | 0x74792fff | Memory Mapped File | rwx |
|
|
|
- |
| nlssorting.dll | 0x74820000 | 0x74832fff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x74840000 | 0x74ee7fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x74f30000 | 0x750cdfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x750e0000 | 0x75163fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x751d0000 | 0x751d8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75260000 | 0x752b6fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x752c0000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x754b0000 | 0x7553efff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75570000 | 0x7563bfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75640000 | 0x75685fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75690000 | 0x7573bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75740000 | 0x7579ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757a0000 | 0x758affff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x759e0000 | 0x759f8fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76890000 | 0x7692ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76940000 | 0x76a3ffff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d60000 | 0x76e4ffff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77020000 | 0x7717bfff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x77200000 | 0x7729cfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000772a0000 | 0x772a0000 | 0x77399fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000773a0000 | 0x773a0000 | 0x774befff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef40000 | 0x7ef40000 | 0x7ef4ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7ef9ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 45 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe.config | type = file_attributes |
|
1 | |
| Get Info | C:\nx0w11aw.epd | type = file_attributes |
|
1 | |
| Open Mapping | - | desired_access = 12 |
|
1 |
Registry (3)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 |
Module (443)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | comctl32.dll | base_address = 0x750e0000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x74f30000 |
|
1 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76940000 |
|
1 | |
| Get Handle | c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe | base_address = 0x110000 |
|
12 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | base_address = 0x750e0000 |
|
20 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | base_address = 0x74f30000 |
|
6 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x757a0000 |
|
1 | |
| Get Filename | c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
3 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
3 | |
| Get Filename | c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
6 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
6 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
6 | |
| Get Filename | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
6 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x776d25dd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x757b195e |
|
1 | |
| Map | - | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe, protection = PAGE_READONLY, address_out = 0x61d0000 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (29)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 78645294 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 78645494 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 78645534 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 78645574 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 66024 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 66024 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551600, new_long = 47120384 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551596, new_long = 589824 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 78645614 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 66028 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 78645654 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 66030 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1962195145 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 78645734 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 66032 |
|
1 |
Keyboard (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
2 |
System (10)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
3 | |
| Get Info | type = Operating System |
|
2 |
Debug (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe | - |
|
1 | |
| Hide | c:\programdata\microsoft\windows\start menu\programs\startup\w2rujjry.exe | - |
|
1 |
Process #12: w2rujjry.exe
561
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:48, Reason: Autostart |
| Unmonitor | End Time: 00:04:25, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:37 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x764 |
| Parent PID | 0x6dc (Unknown) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
768
0x
514
0x
6B4
0x
404
0x
310
0x
7A4
0x
788
0x
758
0x
7F0
0x
6F4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000020000 | 0x00020000 | 0x00020fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00030fff | Private Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000060000 | 0x00060000 | 0x00060fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00070000 | 0x000d6fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x0012ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000130000 | 0x00130000 | 0x0013ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000140000 | 0x00140000 | 0x0014ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000150000 | 0x00150000 | 0x0015ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000160000 | 0x00160000 | 0x0016ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000170000 | 0x00170000 | 0x0017ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x0018ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000190000 | 0x00190000 | 0x00190fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000001b0000 | 0x001b0000 | 0x0022ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000230000 | 0x00230000 | 0x0023ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000240000 | 0x00240000 | 0x0024ffff | Private Memory | - |
|
|
|
- |
| private_0x0000000000250000 | 0x00250000 | 0x0025ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000260000 | 0x00260000 | 0x00261fff | Pagefile Backed Memory | r |
|
|
|
- |
| w2rujjry.exe | 0x00270000 | 0x00381fff | Memory Mapped File | rwx |
|
|
|
|
| gdipfontcachev1.dat | 0x00390000 | 0x003aafff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000390000 | 0x00390000 | 0x00390fff | Private Memory | rw |
|
|
|
- |
| windowsshell.manifest | 0x003a0000 | 0x003a0fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000003a0000 | 0x003a0000 | 0x003a6fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000003b0000 | 0x003b0000 | 0x003b1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000003c0000 | 0x003c0000 | 0x003fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000400000 | 0x00400000 | 0x004fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000500000 | 0x00500000 | 0x00501fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000510000 | 0x00510000 | 0x0051ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000520000 | 0x00520000 | 0x0055ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000560000 | 0x00560000 | 0x0056ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x0057ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000580000 | 0x00580000 | 0x0067ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000680000 | 0x00680000 | 0x0068ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000690000 | 0x00690000 | 0x0069ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006a0000 | 0x006a0000 | 0x006dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006e0000 | 0x006e0000 | 0x006effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000730000 | 0x00730000 | 0x0073ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000790000 | 0x00790000 | 0x0079ffff | Private Memory | rw |
|
|
|
- |
| comctl32.dll | 0x007a0000 | 0x00821fff | Memory Mapped File | r |
|
|
|
- |
| segoeui.ttf | 0x007a0000 | 0x0081efff | Memory Mapped File | r |
|
|
|
- |
| mscorrc.dll | 0x007a0000 | 0x00801fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000000830000 | 0x00830000 | 0x0086ffff | Private Memory | rwx |
|
|
|
- |
| private_0x0000000000870000 | 0x00870000 | 0x008affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000008b0000 | 0x008b0000 | 0x008effff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000900000 | 0x00900000 | 0x0093ffff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x0000000000940000 | 0x00940000 | 0x00ac7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000ad0000 | 0x00ad0000 | 0x00c50fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x0205ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000020e0000 | 0x020e0000 | 0x021dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000021e0000 | 0x021e0000 | 0x041dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000041e0000 | 0x041e0000 | 0x0427ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004280000 | 0x04280000 | 0x0436ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004280000 | 0x04280000 | 0x0432ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004280000 | 0x04280000 | 0x0431ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004320000 | 0x04320000 | 0x0432ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004330000 | 0x04330000 | 0x0436ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004380000 | 0x04380000 | 0x043bffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004400000 | 0x04400000 | 0x044fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000004500000 | 0x04500000 | 0x045defff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000045f0000 | 0x045f0000 | 0x046effff | Private Memory | rw |
|
|
|
- |
| sortdefault.nls | 0x046f0000 | 0x049befff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004a20000 | 0x04a20000 | 0x04b1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000004bb0000 | 0x04bb0000 | 0x04beffff | Private Memory | rwx |
|
|
|
- |
| sortdefault.nlp | 0x04bf0000 | 0x04ec1fff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004ed0000 | 0x04ed0000 | 0x04fcffff | Private Memory | rw |
|
|
|
- |
| tahoma.ttf | 0x04fd0000 | 0x0507afff | Memory Mapped File | r |
|
|
|
- |
| msjh.ttf | 0x04fd0000 | 0x06478fff | Memory Mapped File | r |
|
|
|
- |
| msyh.ttf | 0x04fd0000 | 0x06492fff | Memory Mapped File | r |
|
|
|
- |
| malgun.ttf | 0x04fd0000 | 0x053f2fff | Memory Mapped File | r |
|
|
|
- |
| micross.ttf | 0x04fd0000 | 0x0506ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x0000000004fd0000 | 0x04fd0000 | 0x051cffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000051d0000 | 0x051d0000 | 0x0527ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x05280000 | 0x05baffff | Memory Mapped File | r |
|
|
|
- |
| comctl32.dll | 0x05bb0000 | 0x05d4afff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000005bb0000 | 0x05bb0000 | 0x05deafff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000005df0000 | 0x05df0000 | 0x061e2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000061f0000 | 0x061f0000 | 0x063c4fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000063d0000 | 0x063d0000 | 0x065a4fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000065b0000 | 0x065b0000 | 0x06784fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006790000 | 0x06790000 | 0x06964fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000006950000 | 0x06950000 | 0x06a4ffff | Private Memory | rw |
|
|
|
- |
| system.windows.forms.dll | 0x6f360000 | 0x6f7f7fff | Memory Mapped File | rwx |
|
|
|
- |
| system.windows.forms.ni.dll | 0x6f800000 | 0x70457fff | Memory Mapped File | rwx |
|
|
|
- |
| system.core.ni.dll | 0x70460000 | 0x70b75fff | Memory Mapped File | rwx |
|
|
|
- |
| system.ni.dll | 0x70b80000 | 0x7152cfff | Memory Mapped File | rwx |
|
|
|
- |
| mscorlib.ni.dll | 0x71530000 | 0x7275afff | Memory Mapped File | rwx |
|
|
|
- |
| gdiplus.dll | 0x733a0000 | 0x7352ffff | Memory Mapped File | rwx |
|
|
|
- |
| mscoreei.dll | 0x73900000 | 0x73977fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73980000 | 0x739fffff | Memory Mapped File | rwx |
|
|
|
- |
| mscoree.dll | 0x73a00000 | 0x73a49fff | Memory Mapped File | rwx |
|
|
|
- |
| system.runtime.remoting.ni.dll | 0x73ae0000 | 0x73ba4fff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x73bf0000 | 0x73c4bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x73c50000 | 0x73c8efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x73e60000 | 0x73e67fff | Memory Mapped File | rwx |
|
|
|
- |
| system.drawing.ni.dll | 0x73ec0000 | 0x7404cfff | Memory Mapped File | rwx |
|
|
|
- |
| clrjit.dll | 0x74060000 | 0x740dcfff | Memory Mapped File | rwx |
|
|
|
- |
| microsoft.visualbasic.ni.dll | 0x741d0000 | 0x7439afff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrtremote.dll | 0x743a0000 | 0x743adfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x743b0000 | 0x743eafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x743f0000 | 0x74405fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr120_clr0400.dll | 0x74680000 | 0x74774fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74780000 | 0x74792fff | Memory Mapped File | rwx |
|
|
|
- |
| nlssorting.dll | 0x74820000 | 0x74832fff | Memory Mapped File | rwx |
|
|
|
- |
| clr.dll | 0x74840000 | 0x74ee7fff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x74f30000 | 0x750cdfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x750e0000 | 0x75163fff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x751d0000 | 0x751d8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75260000 | 0x752b6fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x752c0000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x754b0000 | 0x7553efff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75570000 | 0x7563bfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75640000 | 0x75685fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75690000 | 0x7573bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75740000 | 0x7579ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757a0000 | 0x758affff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x759e0000 | 0x759f8fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76890000 | 0x7692ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76940000 | 0x76a3ffff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d60000 | 0x76e4ffff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77020000 | 0x7717bfff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x77200000 | 0x7729cfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000772a0000 | 0x772a0000 | 0x77399fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000773a0000 | 0x773a0000 | 0x774befff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef40000 | 0x7ef40000 | 0x7ef4ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007ef50000 | 0x7ef50000 | 0x7ef9ffff | Private Memory | rwx |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 52 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe.config | type = file_attributes |
|
1 | |
| Get Info | C:\nx0w11aw.epd | type = file_attributes |
|
1 | |
| Open Mapping | - | desired_access = 12 |
|
1 |
Registry (21)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgJITDebugLaunchSetting, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework | value_name = DbgManagedDebugger, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = TZI, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = FirstEntry, data = 2007, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = LastEntry, data = 2008, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2007, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST | value_name = 2008, type = REG_BINARY |
|
2 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Display, data = @tzres.dll,-670, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Std, data = @tzres.dll,-672, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time | value_name = MUI_Dlt, data = @tzres.dll,-671, type = REG_SZ |
|
1 |
Module (446)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | comctl32.dll | base_address = 0x750e0000 |
|
1 | |
| Load | comctl32.dll | base_address = 0x74f30000 |
|
1 | |
| Load | C:\Windows\system32\en-US\tzres.dll.mui | base_address = 0x4390001 |
|
3 | |
| Get Handle | comctl32.dll | base_address = 0x0 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x76940000 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe | base_address = 0x270000 |
|
12 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | base_address = 0x750e0000 |
|
20 | |
| Get Handle | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | base_address = 0x74f30000 |
|
6 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x757a0000 |
|
1 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\w2rujjry.exe, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\ntdll.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SYSTEM32\MSCOREE.DLL, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
3 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNELBASE.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ADVAPI32.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\msvcrt.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\SysWOW64\sechost.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\RPCRT4.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SspiCli.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CRYPTBASE.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\SHLWAPI.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\GDI32.dll, size = 2048 |
|
9 | |
| Get Filename | c:\windows\syswow64\user32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USER32.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\LPK.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\USP10.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\IMM32.DLL, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\MSCTF.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\VERSION.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\MSVCR120_CLR0400.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\b7a12c4c0032847fcc6b9c710460456f\mscorlib.ni.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\ole32.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\uxtheme.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System\500ffa28b327e171fe664023003e947e\System.ni.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\386fde9190d499d6645df8b90eb76242\System.Core.ni.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\cfbddeb6e93e8f421b92229b20e51233\Microsoft.VisualBasic.ni.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\OLEAUT32.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\553c0312fdf5a5449f3649f0515e70fb\System.Drawing.ni.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7a6894982f35a1d75ec73d447c583da2\System.Windows.Forms.ni.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\CRYPTSP.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\rsaenh.dll, size = 2048 |
|
9 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\7dc02b53cd1fa9685d4cf9a94fe7998c\System.Runtime.Remoting.ni.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll, size = 2048 |
|
9 | |
| Get Filename | c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\dwmapi.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\RpcRtRemote.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\system32\WindowsCodecs.dll, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\CLBCatQ.DLL, size = 2048 |
|
9 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\psapi.dll, size = 2048 |
|
9 | |
| Get Filename | c:\windows\syswow64\kernel32.dll | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, file_name_orig = C:\Windows\syswow64\KERNEL32.dll, size = 2048 |
|
6 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DefWindowProcW, address_out = 0x776d25dd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsWow64Process, address_out = 0x757b195e |
|
1 | |
| Map | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe, protection = PAGE_READONLY, address_out = 0x61f0000 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Window (29)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | .NET-BroadcastEventWindow.4.0.0.0.141b42a.0 | class_name = .NET-BroadcastEventWindow.4.0.0.0.141b42a.0, wndproc_parameter = 0 |
|
1 | |
| Create | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Create | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, wndproc_parameter = 0 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 79366190 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | TimerNativeWindow | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 79366390 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 79366430 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.0.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 79366470 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 66026 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551608, new_long = 66026 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551600, new_long = 47120384 |
|
1 | |
| Set Attribute | Snake | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551596, new_long = 589824 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 79366510 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 66034 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 2003641821 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 79366550 |
|
1 | |
| Set Attribute | - | class_name = WindowsForms10.Window.8.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 66036 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 1962195145 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551612, new_long = 79366630 |
|
1 | |
| Set Attribute | Score: 0 | class_name = WindowsForms10.STATIC.app.0.141b42a_r14_ad1, index = 18446744073709551604, new_long = 66038 |
|
1 |
Keyboard (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = KB_LOCALE_ID, os_tid = 0, result_out = 67699721 |
|
2 |
System (8)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| Sleep | duration = 50 milliseconds (0.050 seconds) |
|
1 | |
| Sleep | duration = 5 milliseconds (0.005 seconds) |
|
1 | |
| Get Info | type = Hardware Information |
|
1 | |
| Get Info | type = SYSTEM_PROCESS_INFORMATION |
|
1 | |
| Get Info | type = Operating System |
|
2 |
Debug (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe | - |
|
1 | |
| Hide | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\w2rujjry.exe | - |
|
1 |
Process #13: iexplore.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\program files (x86)\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:03:01, Reason: Child Process |
| Unmonitor | End Time: 00:04:25, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:24 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4a4 |
| Parent PID | 0x74c (c:\windows\system32\w2rujjry.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
6B8
0x
46C
0x
480
0x
440
0x
43C
0x
6E8
0x
6EC
0x
714
0x
71C
0x
72C
0x
76C
0x
728
0x
778
0x
330
0x
748
0x
680
0x
360
0x
744
0x
C0
0x
328
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x0000000000050000 | 0x00050000 | 0x0008ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000090000 | 0x00090000 | 0x00093fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x000a0000 | 0x00106fff | Memory Mapped File | r |
|
|
|
- |
| iexplore.exe.mui | 0x00110000 | 0x00111fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x00120fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000130000 | 0x00130000 | 0x00130fff | Private Memory | rw |
|
|
|
- |
| oleaccrc.dll | 0x00140000 | 0x00140fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000150000 | 0x00150000 | 0x00151fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000160000 | 0x00160000 | 0x00161fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000170000 | 0x00170000 | 0x00171fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000180000 | 0x00180000 | 0x0018ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000190000 | 0x00190000 | 0x00190fff | Pagefile Backed Memory | rw |
|
|
|
- |
| index.dat | 0x001a0000 | 0x001affff | Memory Mapped File | rw |
|
|
|
- |
| index.dat | 0x001b0000 | 0x001b7fff | Memory Mapped File | rw |
|
|
|
- |
| index.dat | 0x001c0000 | 0x001cffff | Memory Mapped File | rw |
|
|
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x002effff | Private Memory | rw |
|
|
|
- |
| private_0x00000000002f0000 | 0x002f0000 | 0x0032ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000330000 | 0x00330000 | 0x00330fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000340000 | 0x00340000 | 0x00340fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000350000 | 0x00350000 | 0x00350fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000360000 | 0x00360000 | 0x003cdfff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000003d0000 | 0x003d0000 | 0x003d1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000003e0000 | 0x003e0000 | 0x003e1fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000003f0000 | 0x003f0000 | 0x0046ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000470000 | 0x00470000 | 0x0056ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000570000 | 0x00570000 | 0x0066ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000670000 | 0x00670000 | 0x007f7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000800000 | 0x00800000 | 0x00980fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x00990000 | 0x00c5efff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000c60000 | 0x00c60000 | 0x00c61fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c70000 | 0x00c70000 | 0x00c70fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000c80000 | 0x00c80000 | 0x00c80fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000c90000 | 0x00c90000 | 0x00ccffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000cd0000 | 0x00cd0000 | 0x00dcffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000dd0000 | 0x00dd0000 | 0x00e47fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000e50000 | 0x00e50000 | 0x00e51fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000e60000 | 0x00e60000 | 0x00e9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ea0000 | 0x00ea0000 | 0x00edffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000ee0000 | 0x00ee0000 | 0x00ee0fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000f10000 | 0x00f10000 | 0x00f4ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f70000 | 0x00f70000 | 0x00faffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000fb0000 | 0x00fb0000 | 0x0100cfff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000001070000 | 0x01070000 | 0x0116ffff | Private Memory | rw |
|
|
|
- |
| iexplore.exe | 0x01170000 | 0x01215fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001220000 | 0x01220000 | 0x0261ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002640000 | 0x02640000 | 0x0273ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002740000 | 0x02740000 | 0x0274ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002760000 | 0x02760000 | 0x0285ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002860000 | 0x02860000 | 0x0289ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000028c0000 | 0x028c0000 | 0x028fffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002900000 | 0x02900000 | 0x029fffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002a00000 | 0x02a00000 | 0x02adefff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002b60000 | 0x02b60000 | 0x02b9ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002be0000 | 0x02be0000 | 0x02c1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c20000 | 0x02c20000 | 0x02d1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d60000 | 0x02d60000 | 0x02e5ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002e80000 | 0x02e80000 | 0x02ebffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002ed0000 | 0x02ed0000 | 0x02fcffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002fd0000 | 0x02fd0000 | 0x0300ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000030b0000 | 0x030b0000 | 0x031affff | Private Memory | rw |
|
|
|
- |
| private_0x00000000031e0000 | 0x031e0000 | 0x0321ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000032d0000 | 0x032d0000 | 0x032dffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003430000 | 0x03430000 | 0x0343ffff | Private Memory | rw |
|
|
|
- |
| private_0x000000005fff0000 | 0x5fff0000 | 0x5fffffff | Private Memory | rwx |
|
|
|
- |
| ieframe.dll | 0x72760000 | 0x731dffff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73980000 | 0x739fffff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x73bf0000 | 0x73c4bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x73c50000 | 0x73c8efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x73e60000 | 0x73e67fff | Memory Mapped File | rwx |
|
|
|
- |
| rasadhlp.dll | 0x74180000 | 0x74185fff | Memory Mapped File | rwx |
|
|
|
- |
| nlaapi.dll | 0x74190000 | 0x7419ffff | Memory Mapped File | rwx |
|
|
|
- |
| sensapi.dll | 0x741a0000 | 0x741a5fff | Memory Mapped File | rwx |
|
|
|
- |
| rasman.dll | 0x741b0000 | 0x741c4fff | Memory Mapped File | rwx |
|
|
|
- |
| npmproxy.dll | 0x74390000 | 0x74397fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrtremote.dll | 0x743a0000 | 0x743adfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x743b0000 | 0x743eafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x743f0000 | 0x74405fff | Memory Mapped File | rwx |
|
|
|
- |
| nlaapi.dll | 0x74410000 | 0x7441ffff | Memory Mapped File | rwx |
|
|
|
- |
| rtutils.dll | 0x74410000 | 0x7441cfff | Memory Mapped File | rwx |
|
|
|
- |
| netprofm.dll | 0x74420000 | 0x74479fff | Memory Mapped File | rwx |
|
|
|
- |
| rasapi32.dll | 0x74420000 | 0x74471fff | Memory Mapped File | rwx |
|
|
|
- |
| sqmapi.dll | 0x74440000 | 0x74472fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x74480000 | 0x74486fff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x74490000 | 0x744abfff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x744b0000 | 0x744f3fff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x74500000 | 0x7450afff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x74600000 | 0x74620fff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74780000 | 0x74792fff | Memory Mapped File | rwx |
|
|
|
- |
| oleacc.dll | 0x74ef0000 | 0x74f2bfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x74f30000 | 0x750cdfff | Memory Mapped File | rwx |
|
|
|
- |
| version.dll | 0x751d0000 | 0x751d8fff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75260000 | 0x752b6fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x752c0000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x75350000 | 0x75355fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x753c0000 | 0x75442fff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x75450000 | 0x75494fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x754a0000 | 0x754abfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x754b0000 | 0x7553efff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75570000 | 0x7563bfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75640000 | 0x75685fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75690000 | 0x7573bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75740000 | 0x7579ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757a0000 | 0x758affff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x758e0000 | 0x759d4fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x759e0000 | 0x759f8fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x75a00000 | 0x75a34fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75a40000 | 0x76689fff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x76880000 | 0x76884fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76890000 | 0x7692ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76940000 | 0x76a3ffff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x76a40000 | 0x76c3afff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x76c40000 | 0x76d5cfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d60000 | 0x76e4ffff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x76e50000 | 0x76f85fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77020000 | 0x7717bfff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x77180000 | 0x771fafff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x77200000 | 0x7729cfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000772a0000 | 0x772a0000 | 0x77399fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000773a0000 | 0x773a0000 | 0x774befff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef9b000 | 0x7ef9b000 | 0x7ef9dfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 157 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
Process #15: iexplore.exe
0
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\program files (x86)\internet explorer\iexplore.exe |
| Command Line | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1188 CREDAT:14337 |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:03:07, Reason: Child Process |
| Unmonitor | End Time: 00:04:25, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:18 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7e8 |
| Parent PID | 0x4a4 (c:\program files (x86)\internet explorer\iexplore.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
34C
0x
7C0
0x
600
0x
5F8
0x
320
0x
324
0x
344
0x
348
0x
314
0x
7F8
0x
7D0
0x
584
0x
5A4
0x
7D4
0x
6C8
0x
308
0x
35C
0x
7DC
0x
180
0x
330
0x
11C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x0000000000010000 | 0x00010000 | 0x0002ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000010000 | 0x00010000 | 0x0001ffff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000020000 | 0x00020000 | 0x00026fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000030000 | 0x00030000 | 0x00031fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000030000 | 0x00030000 | 0x00031fff | Pagefile Backed Memory | rw |
|
|
|
- |
| apisetschema.dll | 0x00040000 | 0x00040fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000000050000 | 0x00050000 | 0x00053fff | Pagefile Backed Memory | r |
|
|
|
- |
| locale.nls | 0x00060000 | 0x000c6fff | Memory Mapped File | r |
|
|
|
- |
| iexplore.exe.mui | 0x000d0000 | 0x000d1fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x00000000000e0000 | 0x000e0000 | 0x000e0fff | Private Memory | rw |
|
|
|
- |
| private_0x00000000000f0000 | 0x000f0000 | 0x000f0fff | Private Memory | rw |
|
|
|
- |
| oleaccrc.dll | 0x00100000 | 0x00100fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000110000 | 0x00110000 | 0x00111fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000120000 | 0x00120000 | 0x0019ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001a0000 | 0x001a0000 | 0x001a0fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000001b0000 | 0x001b0000 | 0x001b1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001c0000 | 0x001c0000 | 0x001c0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x00000000001d0000 | 0x001d0000 | 0x001d0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000001e0000 | 0x001e0000 | 0x001e1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x00000000001f0000 | 0x001f0000 | 0x001f0fff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000200000 | 0x00200000 | 0x00201fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000210000 | 0x00210000 | 0x0024ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000250000 | 0x00250000 | 0x0032efff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x0000000000330000 | 0x00330000 | 0x00331fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000340000 | 0x00340000 | 0x00341fff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x0000000000350000 | 0x00350000 | 0x00350fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000360000 | 0x00360000 | 0x0045ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000460000 | 0x00460000 | 0x004cdfff | Pagefile Backed Memory | rw |
|
|
|
- |
| pagefile_0x00000000004d0000 | 0x004d0000 | 0x004d0fff | Pagefile Backed Memory | r |
|
|
|
- |
| cversions.1.db | 0x004e0000 | 0x004e3fff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x00000000004e0000 | 0x004e0000 | 0x004e0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| {afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db | 0x004f0000 | 0x0050efff | Memory Mapped File | r |
|
|
|
- |
| pagefile_0x0000000000510000 | 0x00510000 | 0x00510fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000520000 | 0x00520000 | 0x0061ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000620000 | 0x00620000 | 0x00697fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x00000000006a0000 | 0x006a0000 | 0x006dffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000006e0000 | 0x006e0000 | 0x006e1fff | Private Memory | rwx |
|
|
|
- |
| pagefile_0x00000000006f0000 | 0x006f0000 | 0x006f1fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000000700000 | 0x00700000 | 0x0073ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000740000 | 0x00740000 | 0x0074ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000000750000 | 0x00750000 | 0x008d7fff | Pagefile Backed Memory | r |
|
|
|
- |
| pagefile_0x00000000008e0000 | 0x008e0000 | 0x00a60fff | Pagefile Backed Memory | r |
|
|
|
- |
| sortdefault.nls | 0x00a70000 | 0x00d3efff | Memory Mapped File | r |
|
|
|
- |
| index.dat | 0x00d40000 | 0x00d4ffff | Memory Mapped File | rw |
|
|
|
- |
| index.dat | 0x00d50000 | 0x00d57fff | Memory Mapped File | rw |
|
|
|
- |
| private_0x0000000000d60000 | 0x00d60000 | 0x00d9ffff | Private Memory | rw |
|
|
|
- |
| index.dat | 0x00da0000 | 0x00daffff | Memory Mapped File | rw |
|
|
|
- |
| pagefile_0x0000000000db0000 | 0x00db0000 | 0x00db0fff | Pagefile Backed Memory | rw |
|
|
|
- |
| private_0x0000000000dc0000 | 0x00dc0000 | 0x00ebffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ec0000 | 0x00ec0000 | 0x00edffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000ee0000 | 0x00ee0000 | 0x00f1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000000f20000 | 0x00f20000 | 0x0101ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000001020000 | 0x01020000 | 0x01020fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000001030000 | 0x01030000 | 0x01031fff | Private Memory | rw |
|
|
|
- |
| private_0x0000000001040000 | 0x01040000 | 0x0113ffff | Private Memory | rw |
|
|
|
- |
| iexplore.exe | 0x01170000 | 0x01215fff | Memory Mapped File | rwx |
|
|
|
- |
| pagefile_0x0000000001220000 | 0x01220000 | 0x0261ffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000002630000 | 0x02630000 | 0x0266ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002670000 | 0x02670000 | 0x0276ffff | Private Memory | rw |
|
|
|
- |
| private_0x00000000027d0000 | 0x027d0000 | 0x0280ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002810000 | 0x02810000 | 0x0290ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002940000 | 0x02940000 | 0x0297ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002980000 | 0x02980000 | 0x02b7ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002c20000 | 0x02c20000 | 0x02d1ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000002d20000 | 0x02d20000 | 0x02e1ffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x0000000002e20000 | 0x02e20000 | 0x03212fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x0000000003260000 | 0x03260000 | 0x0329ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003310000 | 0x03310000 | 0x0334ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003350000 | 0x03350000 | 0x0338ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003410000 | 0x03410000 | 0x0344ffff | Private Memory | rw |
|
|
|
- |
| private_0x0000000003510000 | 0x03510000 | 0x0360ffff | Private Memory | rw |
|
|
|
- |
| staticcache.dat | 0x03610000 | 0x03f3ffff | Memory Mapped File | r |
|
|
|
- |
| private_0x000000005fff0000 | 0x5fff0000 | 0x5fffffff | Private Memory | rwx |
|
|
|
- |
| ieframe.dll | 0x72760000 | 0x731dffff | Memory Mapped File | rwx |
|
|
|
- |
| msvcp90.dll | 0x73220000 | 0x732adfff | Memory Mapped File | rwx |
|
|
|
- |
| msvcr90.dll | 0x732b0000 | 0x73352fff | Memory Mapped File | rwx |
|
|
|
- |
| propsys.dll | 0x735d0000 | 0x736c4fff | Memory Mapped File | rwx |
|
|
|
- |
| uxtheme.dll | 0x73980000 | 0x739fffff | Memory Mapped File | rwx |
|
|
|
- |
| apphelp.dll | 0x73a90000 | 0x73adbfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64win.dll | 0x73bf0000 | 0x73c4bfff | Memory Mapped File | rwx |
|
|
|
- |
| wow64.dll | 0x73c50000 | 0x73c8efff | Memory Mapped File | rwx |
|
|
|
- |
| wow64cpu.dll | 0x73e60000 | 0x73e67fff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrtremote.dll | 0x743a0000 | 0x743adfff | Memory Mapped File | rwx |
|
|
|
- |
| rsaenh.dll | 0x743b0000 | 0x743eafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptsp.dll | 0x743f0000 | 0x74405fff | Memory Mapped File | rwx |
|
|
|
- |
| winnsi.dll | 0x74480000 | 0x74486fff | Memory Mapped File | rwx |
|
|
|
- |
| iphlpapi.dll | 0x74490000 | 0x744abfff | Memory Mapped File | rwx |
|
|
|
- |
| dnsapi.dll | 0x744b0000 | 0x744f3fff | Memory Mapped File | rwx |
|
|
|
- |
| profapi.dll | 0x74500000 | 0x7450afff | Memory Mapped File | rwx |
|
|
|
- |
| ntmarta.dll | 0x74600000 | 0x74620fff | Memory Mapped File | rwx |
|
|
|
- |
| sqmapi.dll | 0x74640000 | 0x74672fff | Memory Mapped File | rwx |
|
|
|
- |
| mlang.dll | 0x74650000 | 0x7467dfff | Memory Mapped File | rwx |
|
|
|
- |
| dwmapi.dll | 0x74780000 | 0x74792fff | Memory Mapped File | rwx |
|
|
|
- |
| ieshims.dll | 0x747b0000 | 0x747e4fff | Memory Mapped File | rwx |
|
|
|
- |
| oleacc.dll | 0x74ef0000 | 0x74f2bfff | Memory Mapped File | rwx |
|
|
|
- |
| comctl32.dll | 0x74f30000 | 0x750cdfff | Memory Mapped File | rwx |
|
|
|
- |
| ieproxy.dll | 0x751a0000 | 0x751cafff | Memory Mapped File | rwx |
|
|
|
- |
| cryptbase.dll | 0x751f0000 | 0x751fbfff | Memory Mapped File | rwx |
|
|
|
- |
| sspicli.dll | 0x75200000 | 0x7525ffff | Memory Mapped File | rwx |
|
|
|
- |
| shlwapi.dll | 0x75260000 | 0x752b6fff | Memory Mapped File | rwx |
|
|
|
- |
| gdi32.dll | 0x752c0000 | 0x7534ffff | Memory Mapped File | rwx |
|
|
|
- |
| nsi.dll | 0x75350000 | 0x75355fff | Memory Mapped File | rwx |
|
|
|
- |
| clbcatq.dll | 0x753c0000 | 0x75442fff | Memory Mapped File | rwx |
|
|
|
- |
| wldap32.dll | 0x75450000 | 0x75494fff | Memory Mapped File | rwx |
|
|
|
- |
| msasn1.dll | 0x754a0000 | 0x754abfff | Memory Mapped File | rwx |
|
|
|
- |
| oleaut32.dll | 0x754b0000 | 0x7553efff | Memory Mapped File | rwx |
|
|
|
- |
| msctf.dll | 0x75570000 | 0x7563bfff | Memory Mapped File | rwx |
|
|
|
- |
| kernelbase.dll | 0x75640000 | 0x75685fff | Memory Mapped File | rwx |
|
|
|
- |
| msvcrt.dll | 0x75690000 | 0x7573bfff | Memory Mapped File | rwx |
|
|
|
- |
| imm32.dll | 0x75740000 | 0x7579ffff | Memory Mapped File | rwx |
|
|
|
- |
| kernel32.dll | 0x757a0000 | 0x758affff | Memory Mapped File | rwx |
|
|
|
- |
| wininet.dll | 0x758e0000 | 0x759d4fff | Memory Mapped File | rwx |
|
|
|
- |
| sechost.dll | 0x759e0000 | 0x759f8fff | Memory Mapped File | rwx |
|
|
|
- |
| ws2_32.dll | 0x75a00000 | 0x75a34fff | Memory Mapped File | rwx |
|
|
|
- |
| shell32.dll | 0x75a40000 | 0x76689fff | Memory Mapped File | rwx |
|
|
|
- |
| setupapi.dll | 0x76690000 | 0x7682cfff | Memory Mapped File | rwx |
|
|
|
- |
| cfgmgr32.dll | 0x76830000 | 0x76856fff | Memory Mapped File | rwx |
|
|
|
- |
| devobj.dll | 0x76860000 | 0x76871fff | Memory Mapped File | rwx |
|
|
|
- |
| psapi.dll | 0x76880000 | 0x76884fff | Memory Mapped File | rwx |
|
|
|
- |
| advapi32.dll | 0x76890000 | 0x7692ffff | Memory Mapped File | rwx |
|
|
|
- |
| user32.dll | 0x76940000 | 0x76a3ffff | Memory Mapped File | rwx |
|
|
|
- |
| iertutil.dll | 0x76a40000 | 0x76c3afff | Memory Mapped File | rwx |
|
|
|
- |
| crypt32.dll | 0x76c40000 | 0x76d5cfff | Memory Mapped File | rwx |
|
|
|
- |
| rpcrt4.dll | 0x76d60000 | 0x76e4ffff | Memory Mapped File | rwx |
|
|
|
- |
| urlmon.dll | 0x76e50000 | 0x76f85fff | Memory Mapped File | rwx |
|
|
|
- |
| ole32.dll | 0x77020000 | 0x7717bfff | Memory Mapped File | rwx |
|
|
|
- |
| comdlg32.dll | 0x77180000 | 0x771fafff | Memory Mapped File | rwx |
|
|
|
- |
| usp10.dll | 0x77200000 | 0x7729cfff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x00000000772a0000 | 0x772a0000 | 0x77399fff | Private Memory | rwx |
|
|
|
- |
| private_0x00000000773a0000 | 0x773a0000 | 0x774befff | Private Memory | rwx |
|
|
|
- |
| ntdll.dll | 0x774c0000 | 0x77668fff | Memory Mapped File | rwx |
|
|
|
- |
| lpk.dll | 0x77670000 | 0x77679fff | Memory Mapped File | rwx |
|
|
|
- |
| ntdll.dll | 0x776a0000 | 0x7781ffff | Memory Mapped File | rwx |
|
|
|
- |
| private_0x000000007ef9e000 | 0x7ef9e000 | 0x7efa0fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa1000 | 0x7efa1000 | 0x7efa3fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa4000 | 0x7efa4000 | 0x7efa6fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efa7000 | 0x7efa7000 | 0x7efa9fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efaa000 | 0x7efaa000 | 0x7efacfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efad000 | 0x7efad000 | 0x7efaffff | Private Memory | rw |
|
|
|
- |
| pagefile_0x000000007efb0000 | 0x7efb0000 | 0x7efd2fff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007efd5000 | 0x7efd5000 | 0x7efd7fff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efd8000 | 0x7efd8000 | 0x7efdafff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdb000 | 0x7efdb000 | 0x7efddfff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efde000 | 0x7efde000 | 0x7efdefff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efdf000 | 0x7efdf000 | 0x7efdffff | Private Memory | rw |
|
|
|
- |
| private_0x000000007efe0000 | 0x7efe0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| pagefile_0x000000007efe0000 | 0x7efe0000 | 0x7f0dffff | Pagefile Backed Memory | r |
|
|
|
- |
| private_0x000000007f0e0000 | 0x7f0e0000 | 0x7ffdffff | Private Memory | r |
|
|
|
- |
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | r |
|
|
|
- |
| private_0x000000007fff0000 | 0x7fff0000 | 0x7fffffeffff | Private Memory | r |
|
|
|
- |
|
For performance reasons, the remaining 152 entries are omitted.
The remaining entries can be found in flog.txt. |
||||||||
