Info_Project_BSV_2019.docm
Word Document
Created at 2019-06-18T08:41:00
Monitored Processes
Behavior Information - Sequential View
Process #1: winword.exe
291
5
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\program files\microsoft office\root\office16\winword.exe |
| Command Line | "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n |
| Initial Working Directory | C:\Users\aETAdzjz\Desktop\ |
| Monitor | Start Time: 00:00:23, Reason: Analysis Target |
| Unmonitor | End Time: 00:03:49, Reason: Self Terminated |
| Monitor Duration | 00:03:26 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x904 |
| Parent PID | 0x458 (c:\windows\explorer.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
994
0x
990
0x
98C
0x
97C
0x
974
0x
964
0x
960
0x
95C
0x
958
0x
954
0x
950
0x
94C
0x
948
0x
944
0x
940
0x
920
0x
91C
0x
914
0x
910
0x
908
0x
9C0
0x
A0C
0x
A84
0x
A88
0x
A8C
0x
B88
0x
764
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x07E2BDAC | 0x07E2BDF3 | Marked Executable | - | 64-bit | 0x07E2BDB4 |
|
|
|
| winword.exe | 0x13FF40000 | 0x14011BFFF | Relevant Image | - | 64-bit | - |
|
|
|
| buffer | 0x07E2C43C | 0x07E2C487 | Marked Executable | - | 64-bit | 0x07E2C43C |
|
|
|
| buffer | 0x07E2CA44 | 0x07E2CA87 | Marked Executable | - | 64-bit | 0x07E2CA44 |
|
|
|
Downloaded Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| 43cfb0a439705ab2bd7c46b39a7265ff0a14f7bd710b3e1432a9bdc4c1736c49 | 5.38 MB |
MD5:
0c7e59536a7be4a446bbe8b4f22e5880
SHA1: 1d1df205acf0efd78cda6994a1bb9780a5b7b005 SHA256: 43cfb0a439705ab2bd7c46b39a7265ff0a14f7bd710b3e1432a9bdc4c1736c49 SSDeep: 98304:+d+KQ0CO444hl1p7xFMe7rbbbbLG6wd57qw:+d+KQ0R44Q1rbbbbLG5 |
|
|
Threads
Thread 0x908
291
5
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-06-18 08:42:13 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 107125 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15905994101 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\program files\microsoft office\root\office16\winword.exe, base_address = 0x13ff40000 |
|
1 | |
| Module | Load | module_name = Comctl32.dll, base_address = 0x7fefbbe0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\msi.dll, base_address = 0x7fef9580000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\msi.dll, function = MsiProvideQualifiedComponentA, address_out = 0x7fef9603b3c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\msi.dll, function = MsiGetProductCodeA, address_out = 0x7fef95fa13c |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\msi.dll, function = MsiReinstallFeatureA, address_out = 0x7fef9601618 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\msi.dll, function = MsiProvideComponentA, address_out = 0x7fef95ff088 |
|
1 | |
| Module | Get Handle | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL, base_address = 0x7fee3190000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoVBADigSigCallDlg, address_out = 0x7fee32972c0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoVbaInitSecurity, address_out = 0x7fee32060b0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFIEPolicyAndVersion, address_out = 0x7fee31b1a60 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFAnsiCodePageSupportsLCID, address_out = 0x7fee3205f50 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFInitOffice, address_out = 0x7fee31af000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoUninitOffice, address_out = 0x7fee319e860 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFGetFontSettings, address_out = 0x7fee3193fc0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoRgchToRgwch, address_out = 0x7fee31a2380 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoHrSimpleQueryInterface, address_out = 0x7fee3197b80 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoHrSimpleQueryInterface2, address_out = 0x7fee3197b20 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateControl, address_out = 0x7fee3198730 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFLongLoad, address_out = 0x7fee32d3260 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFLongSave, address_out = 0x7fee32d3280 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFGetTooltips, address_out = 0x7fee31a1f40 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFSetTooltips, address_out = 0x7fee3206370 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFLoadToolbarSet, address_out = 0x7fee31f4590 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateToolbarSet, address_out = 0x7fee31955b0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoHpalOffice, address_out = 0x7fee31a0240 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFWndProcNeeded, address_out = 0x7fee3193d10 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFWndProc, address_out = 0x7fee3196d30 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateITFCHwnd, address_out = 0x7fee3193d40 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoDestroyITFC, address_out = 0x7fee319e6f0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFPitbsFromHwndAndMsg, address_out = 0x7fee319df40 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFGetComponentManager, address_out = 0x7fee3197bf0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoMultiByteToWideChar, address_out = 0x7fee319fcd0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoWideCharToMultiByte, address_out = 0x7fee3198b20 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoHrRegisterAll, address_out = 0x7fee3292ef0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFSetComponentManager, address_out = 0x7fee31a42c0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateStdComponentManager, address_out = 0x7fee3193e20 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFHandledMessageNeeded, address_out = 0x7fee319ab10 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoPeekMessage, address_out = 0x7fee319a7d0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFCreateIPref, address_out = 0x7fee3191550 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoDestroyIPref, address_out = 0x7fee319e830 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoChsFromLid, address_out = 0x7fee31913d0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoCpgFromChs, address_out = 0x7fee3196660 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoSetLocale, address_out = 0x7fee3191500 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoFSetHMsoinstOfSdm, address_out = 0x7fee3193dd0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoSetVbaInterfaces, address_out = 0x7fee32971e0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = MsoGetControlInstanceId, address_out = 0x7fee3266d10 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = VbeuiFIsEdpEnabled, address_out = 0x7fee32d98e0 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbeui.dll, function = VbeuiEnterpriseProtect, address_out = 0x7fee32d9830 |
|
1 | |
| Environment | Get Environment String | name = DDRYBUR |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| Module | Load | module_name = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL, base_address = 0x7fef4a90000 |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\Licenses |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\Licenses\8804558B-B773-11d1-BC3E-0000F87552E7, data = } |
|
1 | |
| Module | Load | module_name = OLEAUT32.DLL, base_address = 0x7fefd480000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = SysFreeString, address_out = 0x7fefd481320 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = LoadTypeLib, address_out = 0x7fefd48f1e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = RegisterTypeLib, address_out = 0x7fefd4dcaa0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = QueryPathOfRegTypeLib, address_out = 0x7fefd511760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x7fefd5120d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = OleTranslateColor, address_out = 0x7fefd4ac760 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = OleCreateFontIndirect, address_out = 0x7fefd4decd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = OleCreatePictureIndirect, address_out = 0x7fefd4de840 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = OleLoadPicture, address_out = 0x7fefd4ef420 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = OleCreatePropertyFrameIndirect, address_out = 0x7fefd4e4ec0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = OleCreatePropertyFrame, address_out = 0x7fefd4e9350 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = OleIconToCursor, address_out = 0x7fefd4b6e40 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x7fefd48a550 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = OleLoadPictureEx, address_out = 0x7fefd4ef320 |
|
1 | |
| Window | Create | class_name = ThunderMain, wndproc_parameter = 0 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\user32.dll, base_address = 0x76f40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetSystemMetrics, address_out = 0x76f594f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromWindow, address_out = 0x76f55f08 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromRect, address_out = 0x76f52b00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = MonitorFromPoint, address_out = 0x76f4ab64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayMonitors, address_out = 0x76f55c30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = GetMonitorInfoA, address_out = 0x76f4a730 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\user32.dll, function = EnumDisplayDevicesA, address_out = 0x76f4a5b4 |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\oleaut32.dll, base_address = 0x7fefd480000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = DispCallFunc, address_out = 0x7fefd482270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = LoadTypeLibEx, address_out = 0x7fefd48a550 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = UnRegisterTypeLib, address_out = 0x7fefd5120d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = CreateTypeLib2, address_out = 0x7fefd50dbd0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDateFromUdate, address_out = 0x7fefd485c90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarUdateFromDate, address_out = 0x7fefd486330 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = GetAltMonthNames, address_out = 0x7fefd4a66c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarNumFromParseNum, address_out = 0x7fefd484710 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarParseNumFromStr, address_out = 0x7fefd4848f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromR4, address_out = 0x7fefd4bb640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromR8, address_out = 0x7fefd4bb360 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromDate, address_out = 0x7fefd4c2640 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromI4, address_out = 0x7fefd4a58a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDecFromCy, address_out = 0x7fefd4a5820 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarR4FromDec, address_out = 0x7fefd4baf20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = GetRecordInfoFromTypeInfo, address_out = 0x7fefd4da0c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = GetRecordInfoFromGuids, address_out = 0x7fefd512160 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayGetRecordInfo, address_out = 0x7fefd4a5af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = SafeArraySetRecordInfo, address_out = 0x7fefd4a5a90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayGetIID, address_out = 0x7fefd4a5a60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = SafeArraySetIID, address_out = 0x7fefd4a5a30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayCopyData, address_out = 0x7fefd4860b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayAllocDescriptorEx, address_out = 0x7fefd483e90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = SafeArrayCreateEx, address_out = 0x7fefd4d9f80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarFormat, address_out = 0x7fefd509b20 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarFormatDateTime, address_out = 0x7fefd509aa0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarFormatNumber, address_out = 0x7fefd509990 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarFormatPercent, address_out = 0x7fefd509890 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarFormatCurrency, address_out = 0x7fefd509770 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarWeekdayName, address_out = 0x7fefd4eb8d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarMonthName, address_out = 0x7fefd4eb800 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarAdd, address_out = 0x7fefd5048e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarAnd, address_out = 0x7fefd509470 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarCat, address_out = 0x7fefd5096a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDiv, address_out = 0x7fefd502fe0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarEqv, address_out = 0x7fefd509cf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarIdiv, address_out = 0x7fefd508ff0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarImp, address_out = 0x7fefd509c00 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarMod, address_out = 0x7fefd508e60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarMul, address_out = 0x7fefd503690 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarOr, address_out = 0x7fefd5092d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarPow, address_out = 0x7fefd502e80 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarSub, address_out = 0x7fefd503f90 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarXor, address_out = 0x7fefd5091a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarAbs, address_out = 0x7fefd4e7c30 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarFix, address_out = 0x7fefd4e7a60 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarInt, address_out = 0x7fefd4e7890 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarNeg, address_out = 0x7fefd4e7ea0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarNot, address_out = 0x7fefd509600 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarRound, address_out = 0x7fefd4e76a0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarCmp, address_out = 0x7fefd5083f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDecAdd, address_out = 0x7fefd4b3070 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarDecCmp, address_out = 0x7fefd4bd700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrCat, address_out = 0x7fefd4bd890 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarCyMulI4, address_out = 0x7fefd49caf0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\oleaut32.dll, function = VarBstrCmp, address_out = 0x7fefd4a8a00 |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-06-18 08:42:15 (Local Time) |
|
1 | |
| System | Get Cursor | x_out = 912, y_out = 431 |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-06-18 08:42:15 (Local Time) |
|
2 | |
| Registry | Create Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = RequireDeclaration, data = 108, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = CompileOnDemand, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = NotifyUserBeforeStateLoss, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BackGroundCompile, data = 0, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BreakOnAllErrors, data = 255, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = BreakOnServerErrors, data = 0, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\409 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\9 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-06-18 08:42:15 (Local Time) |
|
1 | |
| Module | Get Filename | process_name = c:\program files\microsoft office\root\office16\winword.exe, file_name_orig = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL, size = 260 |
|
1 | |
| System | Get Cursor | x_out = 912, y_out = 431 |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-06-18 08:42:15 (Local Time) |
|
2 | |
| System | Get Time | type = Local Time, time = 2019-06-18 08:42:15 (Local Time) |
|
2 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2 |
|
1 | |
| Registry | Open Key | reg_name = win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64, data = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7.1\VBE7.DLL |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7 |
|
1 | |
| Registry | Open Key | reg_name = win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\0\win64, data = C:\Program Files\Microsoft Office\Root\Office16\MSWORD.OLB |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020905-0000-0000-C000-000000000046}\8.7\win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64, data = C:\Windows\system32\stdole2.tlb |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Enumerate Keys | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8 |
|
1 | |
| Registry | Open Key | reg_name = win64 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0 |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CLASSES_ROOT\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.8\0\win64, data = C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSO.DLL |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\VBA\7.1\Common, value_name = VbaCapability, data = 0 |
|
1 | |
| System | Get Time | type = Local Time, time = 2019-06-18 08:42:16 (Local Time) |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee3970000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbe7.dll, function = 716, address_out = 0x7fee3cb24c8 |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee3970000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbe7.dll, function = 600, address_out = 0x7fee3a74ee0 |
|
1 | |
| COM | Get Class ID | cls_id = ED8C108E-4349-11D2-91A4-00C04F7969E8, prog_id = Microsoft.XMLHTTP |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| COM | Get Class ID | cls_id = 00000566-0000-0010-8000-00AA006D2EA4, prog_id = Adodb.Stream |
|
1 | |
| COM | Create | interface = 00000000-0000-0000-C000-000000000046, cls_context = CLSCTX_INPROC_SERVER, CLSCTX_LOCAL_SERVER, CLSCTX_REMOTE_SERVER |
|
1 | |
| Inet | Open Session | - |
|
1 | |
| Inet | Open Connection | protocol = http, server_name = hcwyo5rfapkytajg.onion.pet, server_port = 80 |
|
1 | |
| Inet | Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = /2hq68vxr3f.exe |
|
1 | |
| Inet | Send HTTP Request | url = http://hcwyo5rfapkytajg.onion.pet/2hq68vxr3f.exe |
|
1 | |
| Inet | Read Response | size_out = 0 |
|
1 | |
| File | Create | filename = LooCipher.exe |
|
1 | |
| File | Write | filename = LooCipher.exe, size = 0 |
|
1 | |
| Process | Create | process_name = LooCipher.exe, os_pid = 0xae8, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_SHOWMINIMIZED |
|
1 | |
| System | Get Cursor | x_out = 630, y_out = 293 |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee3970000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbe7.dll, function = 716, address_out = 0x7fee3cb24c8 |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee3970000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbe7.dll, function = 600, address_out = 0x7fee3a74ee0 |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee3970000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbe7.dll, function = 716, address_out = 0x7fee3cb24c8 |
|
1 | |
| Module | Load | module_name = VBE7.DLL, base_address = 0x7fee3970000 |
|
1 | |
| Module | Get Address | module_name = c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\vba\vba7.1\vbe7.dll, function = 600, address_out = 0x7fee3a74ee0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\ole32.dll, base_address = 0x7fefea30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ole32.dll, function = DllDebugObjectRPCHook, address_out = 0x7fefebaafd0 |
|
1 |
Process #2: loocipher.exe
8970
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\aetadzjz\documents\loocipher.exe |
| Command Line | C:\Users\aETAdzjz\Documents\LooCipher.exe |
| Initial Working Directory | C:\Users\aETAdzjz\Documents\ |
| Monitor | Start Time: 00:00:49, Reason: Child Process |
| Unmonitor | End Time: 00:04:29, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:40 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xae8 |
| Parent PID | 0x904 (c:\program files\microsoft office\root\office16\winword.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | YKYD69Q\aETAdzjz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
AEC
0x
AF8
0x
AFC
0x
B04
0x
B10
0x
B14
0x
B3C
0x
B40
0x
B48
0x
B4C
0x
B50
0x
B54
0x
B74
0x
B7C
0x
B80
0x
B94
0x
B98
0x
B9C
0x
BAC
0x
BB0
0x
BD8
0x
7D0
0x
500
0x
360
0x
2AC
0x
534
0x
248
0x
6F4
0x
154
0x
118
0x
860
0x
824
0x
820
0x
34C
0x
41C
0x
898
0x
8C8
0x
8D4
0x
8B8
0x
8B0
0x
8AC
0x
8D8
0x
83C
0x
844
0x
938
0x
5E0
0x
21C
0x
3B4
0x
5A0
0x
6A4
0x
78C
0x
814
0x
890
0x
9F8
0x
9F0
0x
9F4
0x
AA4
0x
A08
0x
9E4
0x
AF8
0x
7B0
0x
B14
0x
B54
0x
B30
0x
B98
0x
5D0
0x
6A8
0x
B70
0x
710
0x
53C
0x
67C
0x
9A0
0x
994
0x
BB0
0x
974
0x
704
0x
9AC
0x
BD8
0x
9A8
0x
760
0x
7D0
0x
530
0x
360
0x
970
0x
2AC
0x
534
0x
BD4
0x
BDC
0x
BEC
0x
BE8
0x
BE0
0x
420
0x
A9C
0x
6F4
0x
6FC
0x
824
0x
930
0x
820
0x
4B8
0x
BC4
0x
41C
0x
8C8
0x
8B8
0x
8B0
0x
540
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin.lcphr | 373.52 KB |
MD5:
f0a40ada59708f155a8700133c54b289
SHA1: 2c28fe1417757863a83a41de38b1ace2ebaea652 SHA256: c31b61eb49f93a0eae27053e7a00b3a4b5ee3500405853a77040ef4de80cf180 SSDeep: 6144:2s2dV0PvvRN9ONaFhEZW/9zP+jTG0OTW9qddRj/qTh67xBf821ct7f6scUh7wlV:23kNqKhfPm9qN/qThy11ctj6JUO |
|
|
Threads
Thread 0xaec
2648
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-06-18 08:42:27 (UTC) |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17552046406 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x769e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, address_out = 0x769f4d28 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x769f4f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x769f4208 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-synch-l1-2-0, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x0 |
|
1 | |
| Module | Load | module_name = kernel32, base_address = 0x769e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x769f4d28 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-fibers-l1-1-1, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x769f4f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x769f1252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x769f4208 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_ERROR_HANDLE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-l1-2-1, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76a747f1 |
|
1 | |
| Module | Get Filename | module_name = api-ms-win-core-localization-l1-2-1, process_name = c:\users\aetadzjz\documents\loocipher.exe, file_name_orig = C:\Users\aETAdzjz\Documents\LooCipher.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsAlloc, address_out = 0x769f4f2b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsFree, address_out = 0x769f359f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x769f1252 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsSetValue, address_out = 0x769f4208 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionEx, address_out = 0x769f4d28 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitOnceExecuteOnce, address_out = 0x76a0d627 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateEventExW, address_out = 0x76a7410b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreW, address_out = 0x76a0ca5a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSemaphoreExW, address_out = 0x76a74195 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolTimer, address_out = 0x76a0ee7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolTimer, address_out = 0x7738441c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForThreadpoolTimerCallbacks, address_out = 0x773ac50e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolTimer, address_out = 0x773ac381 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWait, address_out = 0x76a0f088 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetThreadpoolWait, address_out = 0x773905d7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWait, address_out = 0x773aca24 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlushProcessWriteBuffers, address_out = 0x77360b8c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FreeLibraryWhenCallbackReturns, address_out = 0x7741fde8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessorNumber, address_out = 0x773b1e1d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateSymbolicLinkW, address_out = 0x76a6cd11 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount64, address_out = 0x76a0eee0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileInformationByHandleEx, address_out = 0x76a0c78f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileInformationByHandle, address_out = 0x76a1cbfc |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTimePreciseAsFileTime, address_out = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77378456 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeConditionVariable, address_out = 0x773e7de4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x773a409d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x76a74b32 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeSRWLock, address_out = 0x77378456 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AcquireSRWLockExclusive, address_out = 0x773729f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TryAcquireSRWLockExclusive, address_out = 0x77384892 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseSRWLockExclusive, address_out = 0x773729ab |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableSRW, address_out = 0x76a74b74 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThreadpoolWork, address_out = 0x76a0ee45 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SubmitThreadpoolWork, address_out = 0x773b8491 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseThreadpoolWork, address_out = 0x773ad8e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x76a746b1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x76a74751 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCMapStringEx, address_out = 0x76a747f1 |
|
1 | |
| Module | Get Handle | module_name = api-ms-win-core-synch-l1-2-0.dll, base_address = 0x0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x769e0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeConditionVariable, address_out = 0x77378456 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SleepConditionVariableCS, address_out = 0x76a74b32 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WakeAllConditionVariable, address_out = 0x773a409d |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 17555248043 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = AreFileApisANSI, address_out = 0x76a740d1 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-string-l1-1-0, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringEx, address_out = 0x76a746b1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnumSystemLocalesEx, address_out = 0x76a7424f |
|
1 | |
| Module | Load | module_name = api-ms-win-core-datetime-l1-1-1, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetDateFormatEx, address_out = 0x76a86676 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLocaleInfoEx, address_out = 0x76a74751 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTimeFormatEx, address_out = 0x76a865f1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetUserDefaultLocaleName, address_out = 0x76a747c1 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = IsValidLocaleName, address_out = 0x76a747e1 |
|
1 | |
| Module | Load | module_name = api-ms-win-core-localization-obsolete-l1-2-0, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LCIDToLocaleName, address_out = 0x76a1ced4 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LocaleNameToLCID, address_out = 0x76a74801 |
|
1 | |
| Environment | Get Environment String | name = USERPROFILE |
|
1 | |
| Module | Load | module_name = api-ms-win-core-sysinfo-l1-2-1, base_address = 0x0 |
|
1 | |
| System | Get Time | type = System Time, time = 2019-06-18 08:42:27 (UTC) |
|
1 | |
| File | Get Info | filename = C:\Users\aETAdzjz\Desktop\c2056.ini, type = file_attributes |
|
1 | |
| System | Get Time | type = System Time, time = 2019-06-18 08:42:27 (UTC) |
|
1 | |
| File | Get Info | filename = C:\, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\$Recycle.Bin, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-2345716840-1148442690-1481144037-1000, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-2345716840-1148442690-1481144037-1000\desktop.ini, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\BCD, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\BCD.LOG, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\BCD.LOG1, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\BCD.LOG2, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\cs-CZ, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\da-DK, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\de-DE, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\el-GR, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\en-US, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\en-US\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\en-US\memtest.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\es-ES, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\es-ES\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\fi-FI, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\fi-FI\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\Fonts, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\Fonts\chs_boot.ttf, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\Fonts\cht_boot.ttf, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\Fonts\jpn_boot.ttf, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\fr-FR, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\hu-HU, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\it-IT, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\ja-JP, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\ko-KR, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\memtest.exe, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\nb-NO, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\nb-NO\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\nl-NL, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\nl-NL\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\pl-PL, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\pl-PL\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\pt-BR, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\pt-BR\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\pt-PT, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\pt-PT\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\ru-RU, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\ru-RU\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\sv-SE, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\sv-SE\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\tr-TR, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\tr-TR\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\zh-CN, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\zh-CN\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\zh-HK, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\zh-HK\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\zh-TW, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Boot\zh-TW\bootmgr.exe.mui, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\bootmgr, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Documents and Settings, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\hiberfil.sys, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\pagefile.sys, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\PerfLogs, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\Program Files, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files (x86), type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\ProgramData, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\Acrobat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\Acrobat\10.0, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\Acrobat\10.0\Replicate, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\18541, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\18541\AcrobatUpdater.exe, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\18541\AdobeARM.exe, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\18541\AdobeARMHelper.exe, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\18541\ReaderUpdater.exe, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrSecUpd10111.msp, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10110_MUI.msp, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdbeRdrUpd10116_MUI.msp, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\ARM.msi, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\Reader10Manifest.msi, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Application Data, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Desktop, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Documents, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Favorites, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\MasterDescriptor.en-us.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\s321033.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\stream.x86.en-us.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\MasterDescriptor.x-none.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\s320.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\stream.x86.x-none.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\MasterDescriptor.en-us.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\s321033.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\stream.x86.en-us.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\MasterDescriptor.x-none.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\s320.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\stream.x86.x-none.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\MasterDescriptor.en-us.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\s641033.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\stream.x64.en-us.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\MasterDescriptor.x-none.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\s640.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\stream.x64.x-none.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\MasterDescriptor.en-us.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\s641033.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\stream.x64.en-us.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\MasterDescriptor.x-none.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\s640.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\stream.x64.x-none.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Integration\ShortcutBackups, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\3EE704C9-9D8D-408A-8094-3FFBD3100627, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\3EE704C9-9D8D-408A-8094-3FFBD3100627\x-none.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\MasterDescriptor.en-us.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\s641033.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.Platform.Culture.man.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.x64.en-us.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.x64.en-us.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\MasterDescriptor.x-none.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\s640.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.Platform.x-none.man.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.x64.x-none.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.x64.x-none.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\en-us.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\MasterDescriptor.x-none.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\s640.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\Stream.Platform.x-none.man.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\stream.x64.x-none.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\stream.x64.x-none.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\MasterDescriptor.en-us.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\s641033.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\Stream.Platform.Culture.man.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\stream.x64.en-us.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\stream.x64.en-us.man.dat, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\MasterDescriptor.x-none.xml, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\s640.hash, type = file_attributes |
|
2 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\Stream.Platform.x-none.man.xml, type = file_attributes |
|
1 | |
| File | Create | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin.lcphr, type = file_type |
|
1 | |
| File | Read | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, size = 4096, size_out = 4096 |
|
93 | |
| File | Read | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, size = 4096, size_out = 1548 |
|
1 | |
| File | Read | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, size = 4096, size_out = 0 |
|
1 | |
| File | Write | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin.lcphr, size = 4096 |
|
93 | |
| File | Write | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin.lcphr, size = 1552 |
|
1 | |
| File | Create | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Adobe\ARM\Reader_10.0.0\AdobeARM.bin, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\MasterDescriptor.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\MasterDescriptor.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 1893 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\stream.x86.en-us.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\stream.x86.en-us.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\stream.x86.en-us.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\stream.x86.en-us.man.dat, size = 4096, size_out = 4096 |
|
216 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\stream.x86.en-us.man.dat, size = 4096, size_out = 468 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\stream.x86.en-us.man.dat, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\en-us.16\stream.x86.en-us.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\MasterDescriptor.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\MasterDescriptor.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 544 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\stream.x86.x-none.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\stream.x86.x-none.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\stream.x86.x-none.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\stream.x86.x-none.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\23A8C7B1-0195-4D07-B6CF-93A6BF126B2A\x-none.16\stream.x86.x-none.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\MasterDescriptor.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\MasterDescriptor.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 1893 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\stream.x86.en-us.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\stream.x86.en-us.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\stream.x86.en-us.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\stream.x86.en-us.man.dat, size = 4096, size_out = 4096 |
|
216 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\stream.x86.en-us.man.dat, size = 4096, size_out = 468 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\stream.x86.en-us.man.dat, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\en-us.16\stream.x86.en-us.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\MasterDescriptor.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\MasterDescriptor.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 544 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\stream.x86.x-none.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\stream.x86.x-none.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\stream.x86.x-none.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\stream.x86.x-none.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\B67F2A9E-0258-4BAE-8ED4-AFE18C0C9A23\x-none.16\stream.x86.x-none.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\MasterDescriptor.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\MasterDescriptor.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 1615 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\stream.x64.en-us.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\stream.x64.en-us.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 4096 |
|
215 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 1988 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\MasterDescriptor.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\MasterDescriptor.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 529 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\stream.x64.x-none.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\stream.x64.x-none.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\stream.x64.x-none.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\D3BE4D83-2D47-4B3D-97F1-5483AB9ADC5C\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 4096, size_out = 1974 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 4096, size_out = 1972 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.1.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml, size = 4096, size_out = 1382 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\MasterDescriptor.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\MasterDescriptor.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 1615 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\stream.x64.en-us.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\stream.x64.en-us.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 4096 |
|
215 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 1988 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\MasterDescriptor.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\MasterDescriptor.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 529 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\stream.x64.x-none.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\stream.x64.x-none.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\stream.x64.x-none.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\FCE80778-F5A2-48B5-BF04-93D6E887CBA7\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 4096, size_out = 614 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 4096, size_out = 614 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserManifest.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\MasterDescriptor.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\MasterDescriptor.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 2774 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.Platform.Culture.man.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.Platform.Culture.man.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.Platform.Culture.man.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.Platform.Culture.man.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.x64.en-us.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.x64.en-us.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\MasterDescriptor.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\MasterDescriptor.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 2463 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.Platform.x-none.man.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.Platform.x-none.man.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.Platform.x-none.man.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.Platform.x-none.man.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.x64.x-none.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.x64.x-none.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.x64.x-none.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\7D4151FA-0263-42FB-99EC-A401902FE394\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\MasterDescriptor.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\MasterDescriptor.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 2257 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\Stream.Platform.x-none.man.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\Stream.Platform.x-none.man.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\Stream.Platform.x-none.man.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\stream.x64.x-none.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\stream.x64.x-none.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\stream.x64.x-none.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\94A84C64-77C0-403D-9E02-99FBBFE901CB\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\MasterDescriptor.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\MasterDescriptor.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 2188 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\Stream.Platform.Culture.man.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\Stream.Platform.Culture.man.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\Stream.Platform.Culture.man.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\Stream.Platform.Culture.man.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\Stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\stream.x64.en-us.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\stream.x64.en-us.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\MasterDescriptor.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\MasterDescriptor.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 2257 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\Stream.Platform.x-none.man.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\Stream.Platform.x-none.man.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\Stream.Platform.x-none.man.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\Stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\stream.x64.x-none.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\stream.x64.x-none.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\stream.x64.x-none.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\A2D24017-4FB1-4B3A-9228-31FD2D620B18\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\MasterDescriptor.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\MasterDescriptor.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 2837 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\MasterDescriptor.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\MasterDescriptor.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.Platform.Culture.man.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.Platform.Culture.man.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.Platform.Culture.man.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.Platform.Culture.man.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.Platform.Culture.man.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.x64.en-us.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.x64.en-us.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.x64.en-us.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\en-us.16\stream.x64.en-us.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\MasterDescriptor.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\MasterDescriptor.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 2912 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\MasterDescriptor.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\MasterDescriptor.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.Platform.x-none.man.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.Platform.x-none.man.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.Platform.x-none.man.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.Platform.x-none.man.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.Platform.x-none.man.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.x64.x-none.man.dat, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.x64.x-none.man.dat.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.x64.x-none.man.dat, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\ProductReleases\B843911F-CE0B-422E-917E-7E7331D1BFAB\x-none.16\stream.x64.x-none.man.dat, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
10 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 4096, size_out = 530 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
14 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 4096, size_out = 3418 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 4096, size_out = 2042 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
4 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 4096, size_out = 1836 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 4096, size_out = 1626 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.dcfmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
119 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 4096, size_out = 1522 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
9 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 4096, size_out = 2150 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
9 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml, size = 4096, size_out = 3150 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Groove.Groove.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml, size = 4096, size_out = 1252 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.groovemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
25 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 4096, size_out = 3338 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
5 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 4096, size_out = 1634 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.lyncmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
4 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 4096, size_out = 590 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32mui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
83 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 4096, size_out = 3802 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
28 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 4096, size_out = 3572 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 4096, size_out = 2042 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
24 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 4096, size_out = 292 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
4 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 4096, size_out = 2070 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 4096, size_out = 1526 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSM.OSM.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, size = 4096, size_out = 2856 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 4096, size_out = 2310 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OSMUX.OSMUX.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
2 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 4096, size_out = 2954 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.osmuxmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
23 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 4096, size_out = 3416 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
23 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 4096, size_out = 2676 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
198 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 4096, size_out = 2394 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
26 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 4096, size_out = 1208 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 4096, size_out = 2270 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
8 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 4096, size_out = 1626 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Project.Project.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
7 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 4096, size_out = 3492 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.projectmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 4096, size_out = 2944 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 4096, size_out = 1218 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 4096, size_out = 4096 |
|
6 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 4096, size_out = 1218 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 4096, size_out = 2042 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
19 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 4096, size_out = 2022 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
3 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 4096, size_out = 1086 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
187 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 4096, size_out = 804 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
42 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 4096, size_out = 948 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
249 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 4096, size_out = 4096 |
|
22 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 4096, size_out = 736 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 4096, size_out = 4096 |
|
19 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 4096, size_out = 354 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 4096, size_out = 2816 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 4096, size_out = 3004 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 4096, size_out = 3304 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 4096, size_out = 3238 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, size = 4096, size_out = 4096 |
|
31 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, size = 4096, size_out = 2769 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, size = 4096, size_out = 2913 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, size = 4096, size_out = 4096 |
|
10 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, size = 4096, size_out = 3528 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, size = 4096, size_out = 4096 |
|
7 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, size = 4096, size_out = 193 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, size = 4096, size_out = 4096 |
|
9 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, size = 4096, size_out = 2515 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, size = 4096, size_out = 4096 |
|
31 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, size = 4096, size_out = 2769 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, size = 4096, size_out = 1897 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, size = 4096, size_out = 4096 |
|
7 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, size = 4096, size_out = 193 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, size = 4096, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\users\aetadzjz\documents\loocipher.exe, base_address = 0xdc0000, flags = GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, type = file_type |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml.lcphr, desired_access = GENERIC_WRITE, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml, size = 4096, size_out = 1334 |
|
1 | |
|
For performance reasons, the remaining 64 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xaf8
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = api-ms-win-appmodel-runtime-l1-1-2, base_address = 0x0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FlsGetValue, address_out = 0x769f1252 |
|
1 |
Thread 0xafc
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb04
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb10
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb3c
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb40
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb48
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb50
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb54
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb74
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb80
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb94
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb98
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb9c
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbac
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbb0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x7d0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x360
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x534
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x154
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x824
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x41c
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x8d4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x8ac
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x844
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x5a0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x6a4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x78c
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x890
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x9f8
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x9f0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xaa4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xa08
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x7b0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb54
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb30
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xb98
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x5d0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x6a8
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x9a0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x994
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbb0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x974
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x704
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x9ac
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbd8
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x760
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x534
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbd4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbdc
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbec
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbe0
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xa9c
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x6f4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x824
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x930
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x820
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x4b8
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xbc4
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x41c
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x8c8
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x540
1
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
