f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba (SHA256)
f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe
Windows Exe (x86-64)
Created at 2018-07-10 04:53:00
Notifications (2/2)
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
Monitored Processes
Behavior Information - Grouped by Category
Process #1: f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe
9981
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe |
| Command Line | "C:\Users\CIiHmnxMn6Ps\Desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:51, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:18, Reason: Self Terminated |
| Monitor Duration | 00:00:27 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb14 |
| Parent PID | 0x5dc (c:\windows\explorer.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B3C
0x
168
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000084b0ea0000 | 0x84b0ea0000 | 0x84b0ebffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b0ea0000 | 0x84b0ea0000 | 0x84b0eaffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b0eb0000 | 0x84b0eb0000 | 0x84b0eb6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b0ec0000 | 0x84b0ec0000 | 0x84b0ed3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000084b0ee0000 | 0x84b0ee0000 | 0x84b0fdffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b0fe0000 | 0x84b0fe0000 | 0x84b0fe3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000084b0ff0000 | 0x84b0ff0000 | 0x84b0ff0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000084b1000000 | 0x84b1000000 | 0x84b1001fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x84b1010000 | 0x84b10cdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000084b10d0000 | 0x84b10d0000 | 0x84b10d6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b10e0000 | 0x84b10e0000 | 0x84b10e0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b10f0000 | 0x84b10f0000 | 0x84b10f0fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b1100000 | 0x84b1100000 | 0x84b110ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b1100000 | 0x84b1100000 | 0x84b1127fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1100000 | 0x84b1100000 | 0x84b1125fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b1100000 | 0x84b1100000 | 0x84b1125fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1100000 | 0x84b1100000 | 0x84b1124fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1100000 | 0x84b1100000 | 0x84b1123fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b1100000 | 0x84b1100000 | 0x84b1123fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1100000 | 0x84b1100000 | 0x84b1122fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1100000 | 0x84b1100000 | 0x84b1121fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b1100000 | 0x84b1100000 | 0x84b1121fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1100000 | 0x84b1100000 | 0x84b1120fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1100000 | 0x84b1100000 | 0x84b111ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1130000 | 0x84b1130000 | 0x84b1155fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1130000 | 0x84b1130000 | 0x84b1154fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1130000 | 0x84b1130000 | 0x84b1153fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1130000 | 0x84b1130000 | 0x84b1152fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1130000 | 0x84b1130000 | 0x84b1151fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1130000 | 0x84b1130000 | 0x84b1150fff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b1130000 | 0x84b1130000 | 0x84b114ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b1160000 | 0x84b1160000 | 0x84b116ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b11c0000 | 0x84b11c0000 | 0x84b12bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b12c0000 | 0x84b12c0000 | 0x84b13bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b13c0000 | 0x84b13c0000 | 0x84b1547fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000084b1550000 | 0x84b1550000 | 0x84b16d0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000084b16e0000 | 0x84b16e0000 | 0x84b2adffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| sortdefault.nls | 0x84b2ae0000 | 0x84b2e16fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00000084b2e20000 | 0x84b2e20000 | 0x84b361ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f25fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f23fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f30fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f24fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f29fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f2cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f2efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f22fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f21fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f2bfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f28fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f2afff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f26fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f2dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2e20000 | 0x84b2e20000 | 0x84b2f27fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b2f30000 | 0x84b2f30000 | 0x84b302ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084b3030000 | 0x84b3030000 | 0x84b3140fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084b3620000 | 0x84b3620000 | 0x84b3e1ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007ff6bf410000 | 0x7ff6bf410000 | 0x7ff6bf50ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff6bf510000 | 0x7ff6bf510000 | 0x7ff6bf532fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff6bf53b000 | 0x7ff6bf53b000 | 0x7ff6bf53cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff6bf53d000 | 0x7ff6bf53d000 | 0x7ff6bf53dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff6bf53e000 | 0x7ff6bf53e000 | 0x7ff6bf53ffff | Private Memory | Readable, Writable |
|
|
|
- |
| f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe | 0x7ff6c01f0000 | 0x7ff6c022afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
|
| apphelp.dll | 0x7ffbff0d0000 | 0x7ffbff147fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| mpr.dll | 0x7ffbffad0000 | 0x7ffbffaebfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x7ffbffdc0000 | 0x7ffbffdf2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x7ffc00170000 | 0x7ffc00186fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x7ffc002e0000 | 0x7ffc002eafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| bcrypt.dll | 0x7ffc006c0000 | 0x7ffc006e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc006f0000 | 0x7ffc0075afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| powrprof.dll | 0x7ffc008a0000 | 0x7ffc008e9fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| profapi.dll | 0x7ffc008f0000 | 0x7ffc00902fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc00910000 | 0x7ffc0091efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msasn1.dll | 0x7ffc00920000 | 0x7ffc00930fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| windows.storage.dll | 0x7ffc00940000 | 0x7ffc00f67fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shcore.dll | 0x7ffc00fc0000 | 0x7ffc01072fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| crypt32.dll | 0x7ffc01190000 | 0x7ffc01350fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x7ffc015f0000 | 0x7ffc01625fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x7ffc01640000 | 0x7ffc016e5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| combase.dll | 0x7ffc018a0000 | 0x7ffc01b1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x7ffc01f00000 | 0x7ffc0204dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x7ffc02160000 | 0x7ffc022bbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shell32.dll | 0x7ffc022c0000 | 0x7ffc037e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x7ffc037f0000 | 0x7ffc03974fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x7ffc03a50000 | 0x7ffc03aa0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Created Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\$recycle.bin\s-1-5-18\desktop.ini.[evil@cock.lu].evil | 0.66 KB |
MD5:
ff69eac2cc31e4046a19402004bb1b2b
SHA1: d781981daadbc0e17b95eb4296a9332ad28fd975 SHA256: bf54b068790139098829f2c4c30486d39c8aa3fbd05d4223cfe330da0a48ff4a |
|
|
| c:\$recycle.bin\s-1-5-18\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\$recycle.bin\s-1-5-21-1462094071-1423818996-289466292-1000\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\$recycle.bin\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\bg-bg\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\cs-cz\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\da-dk\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\de-de\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\el-gr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\en-gb\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\en-us\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\es-es\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\es-mx\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\et-ee\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\fi-fi\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\fonts\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\fr-ca\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\fr-fr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\hr-hr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\hu-hu\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\it-it\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\ja-jp\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\ko-kr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\lt-lt\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\lv-lv\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\nb-no\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\nl-nl\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\pl-pl\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\pt-br\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\pt-pt\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\qps-ploc\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\resources\en-us\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\resources\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\ro-ro\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\ru-ru\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\sk-sk\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\sl-si\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\sr-latn-cs\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\sr-latn-rs\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\sv-se\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\tr-tr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\uk-ua\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\zh-cn\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\zh-hk\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\zh-tw\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\boot\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\perflogs\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\designer\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\ar-sa\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\bg-bg\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\cs-cz\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\da-dk\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\de-de\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\el-gr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\en-gb\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\en-us\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\es-es\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\es-mx\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\et-ee\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fi-fi\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fr-ca\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fr-fr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\insert\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\main\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\oskclearui\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\osknav\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\fsdefinitions\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\he-il\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\hr-hr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\hu-hu\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\hwrcustomization\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\it-it\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\ja-jp\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\ko-kr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\languagemodel\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\lt-lt\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\lv-lv\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\nb-no\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\nl-nl\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\pl-pl\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\pt-br\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\pt-pt\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\ro-ro\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\ru-ru\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\sk-sk\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\sl-si\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\sr-latn-cs\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\sr-latn-rs\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\sv-se\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\th-th\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\tr-tr\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\uk-ua\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\zh-cn\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\zh-hk\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\zh-tw\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\ink\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\msinfo\en-us\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\msinfo\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\office16\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\source engine\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\stationery\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\textconv\en-us\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\textconv\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\triedit\en-us\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\program files\common files\microsoft shared\triedit\!_how_recovery_files_!.txt | 0.92 KB |
MD5:
1a678d15903094d557947ab1688c8436
SHA1: 11ea9faf9b0c218dafb9b38c092702ddc1fdc33a SHA256: 168838ba2a258a1400190b248c4e4289a8c7177490beb177c5405cd638bfb94f |
|
|
| c:\$recycle.bin\s-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini.[evil@cock.lu].evil | 0.66 KB |
MD5:
e7a9e2351b4e218f3c99314906b11f46
SHA1: 10e559903eebe8d9be238a2ad03dd48a424fcad5 SHA256: 9141a388677affd8c6d567d52af005c3eec3c99a98c66f93197e8dc79a2f418f |
|
|
| c:\boot\bootstat.dat.[evil@cock.lu].evil | 64.53 KB |
MD5:
50243b2b79d1d5690dd322b1d329e064
SHA1: a9ae7fd51bbc77785bfb183d2d6c920c5d7db112 SHA256: 67d791f27148c0f68b50d2eefb278c99ec768376d089ca3acade72005c2a5fff |
|
|
| c:\bootnxt.[evil@cock.lu].evil | 0.53 KB |
MD5:
58e2aeb7130d240278cdb3ce0fc4d3ea
SHA1: 79cbe8f8273d8b8efbc3d9fdcbc53c2cd2cbc075 SHA256: a584b8a913c91ac9ee4b076c0f6fb5282b4dc8bf1b31005c7a81e910e52db0ef |
|
|
| c:\program files\common files\designer\msaddndr.olb.[evil@cock.lu].evil | 23.22 KB |
MD5:
ff1d1cdd55d4cfd3a1907a8f1a642dca
SHA1: 85cafe710f50eb3e2500cfd0b077f33d8de7bef3 SHA256: 05f7e8e9b4885805c836bf1ad3eef7d87d12c74e5e2bb95f476bb778d9046864 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l1-2-0.dll.[evil@cock.lu].evil | 18.72 KB |
MD5:
80e2bd3bc9d5a77013bb6046777c89ac
SHA1: fad12c60a9e182e76ae863bfd2bf44032926da9c SHA256: aad945c447e5b5a244df47172a439747672332479e1285b00d7bca85f924f314 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l2-1-0.dll.[evil@cock.lu].evil | 18.72 KB |
MD5:
d436cabae27c5fa1f752147792594be7
SHA1: 1a5408e7a8cba6b2bc4eff5b71e744226b28f2ca SHA256: dfba80d16d1930a1a7869eb21116eb8d741c23dd6cd4b2ca3d57c5073e47a85a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-localization-l1-2-0.dll.[evil@cock.lu].evil | 21.22 KB |
MD5:
ea976dd633bde33f2e83da02d4d33d53
SHA1: fed328a42394ac0204b584ce0f1698eff82620ae SHA256: f0d439f3b4f04286f34dbfd12e779c7a4e47b8b02fabb6bbf84579b26c2c32eb |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-processthreads-l1-1-1.dll.[evil@cock.lu].evil | 19.22 KB |
MD5:
aab8b18f63dbc88e289040a664dd0534
SHA1: cb365c7fe3f9e104cd2b23aa46f514f3fa21ef17 SHA256: e4ce47e733e84dcff65db781b69339c6b16d4b12f580694663ddfa7f3a1c72f2 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-synch-l1-2-0.dll.[evil@cock.lu].evil | 19.22 KB |
MD5:
9b2078bdaac5334cb3694a82be5a4801
SHA1: 44ab13e0d3f8d4b8eea44a5d85436c08a1c9dd99 SHA256: 6b615bf3e093815dc9c07d5d7122d30a3ce8b0ff7e660609502364d0c32cd722 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-timezone-l1-1-0.dll.[evil@cock.lu].evil | 18.72 KB |
MD5:
47fba4c9e3ee095b3a97e5c29ddff551
SHA1: f5d26fc32a23e9e02317fda3f52f7c74f04be829 SHA256: b0f286eda0ea1cc2a2506723bb844936823bb6d5244db56b13a870a1818bcec1 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-xstate-l2-1-0.dll.[evil@cock.lu].evil | 11.88 KB |
MD5:
3c2a465c0664d7854a7caec13943834a
SHA1: 9ed94930babf688a8fa54df519424f5601c7a799 SHA256: 19d946d3d2b633f0bb8e2fa40a446082917feceaae3300d1d384c286c01540ef |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-conio-l1-1-0.dll.[evil@cock.lu].evil | 19.72 KB |
MD5:
67e08d1bc4a8ceb4849bbb7490a5ef36
SHA1: 0e2ac3fe8228b655755456d864e2d46fb13be944 SHA256: 45d86f3aaeb598812a8c3ef73b518a4343c04c1a3a24a641e6ff442a117b2194 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-convert-l1-1-0.dll.[evil@cock.lu].evil | 22.72 KB |
MD5:
95dab35641d78b80984ee8837a503e69
SHA1: 5321f924b0b8829ad943d28df03837761f16644d SHA256: d12372aa9f9d48f064853e91adcb826d16d30898b7c3aecb55d3ef90585cc03d |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-environment-l1-1-0.dll.[evil@cock.lu].evil | 19.22 KB |
MD5:
cf0b902b894a27d185524839e0af804b
SHA1: c457940cdbc533078e14d59702ce7b07059a965c SHA256: ca43590e2e64f419f68a6b5546e0609b22eac23cd567c21de43897e903e72c67 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-filesystem-l1-1-0.dll.[evil@cock.lu].evil | 20.72 KB |
MD5:
e538f31045b39cf753cce41ec066ff56
SHA1: ff39f7f1071e41aefa2a969bc98b10b2f60c66e8 SHA256: 9fd8e19b1a05f30211cb11ed6ed5c92e8351754609fc5e2c8e7effaec017f2fa |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-heap-l1-1-0.dll.[evil@cock.lu].evil | 19.72 KB |
MD5:
f611a1acac4c63fc5786c0cfe3139553
SHA1: f12fd7a3fc9b4ee730dcd8f4b8d308c177151530 SHA256: 6893e37380a932199ca8bdd42eef23156e46477e795012e18f84210023e04cf2 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-locale-l1-1-0.dll.[evil@cock.lu].evil | 19.22 KB |
MD5:
11ddfdff6ced2b90a17d0a45f4725dfb
SHA1: 945bb2696bb13e90139d957d8e00f4794a560844 SHA256: 393aeebd06dd64f06c7d284cdb9b3e52f5cca6405c273f14cf844f00fba4a2f3 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-math-l1-1-0.dll.[evil@cock.lu].evil | 27.72 KB |
MD5:
f0365f9f1529305bb818a06b8c7e42f3
SHA1: 3078dad668be5810a26628560a5d35e94923a07f SHA256: 95bcb3efc918d5dcc200981ea06b0f0bc4317aac2db05b110c542ad5f38f8ec0 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-multibyte-l1-1-0.dll.[evil@cock.lu].evil | 26.72 KB |
MD5:
3652e7ed09e9cb47534010d2ef450021
SHA1: 26012cb9acd993e2356cffb1549b26f08959c6cd SHA256: 47a815497a58a0d77784908e518b38aba384eaa9e9b28885a22f3016efab8999 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-private-l1-1-0.dll.[evil@cock.lu].evil | 69.72 KB |
MD5:
af0ffdd9d0c0c55596497cd8cea4b11c
SHA1: 26d1ebb9de4a7268d9f3800a490d56fdb0b4f4a9 SHA256: 7899c07d5d1baab9e416dc0c890ab8b36de95e52759741d834f34fb69e5f0c6a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-process-l1-1-0.dll.[evil@cock.lu].evil | 19.72 KB |
MD5:
da4622a7adcff855a3675dfc57644912
SHA1: 4da0ca006ba62630055b6dcb5d6eb6c0cf99e51f SHA256: 2667857d8d19923eea1479fae3c3a437908948103749e8d2cc4c8e4228656fed |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-runtime-l1-1-0.dll.[evil@cock.lu].evil | 23.22 KB |
MD5:
d0e0fce3416effea238df1be74f39606
SHA1: 5439ee05b9860228dbf5360d077cb212beabca1c SHA256: 44ce8fe21f5e85672a08c518ff118be3dc6dd3bcb5a7398eb6ba53cd79b4cf0b |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-stdio-l1-1-0.dll.[evil@cock.lu].evil | 24.72 KB |
MD5:
e93894cbdbd8b70bae1b30178f523fb9
SHA1: 3c5754c5fa9c0f2c2c305f216c3f904d399a284b SHA256: 4a1ac1dd5be1aa2a45572d0aca4e8121b923bcfe0951cb8ceca014b16c3dd246 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-string-l1-1-0.dll.[evil@cock.lu].evil | 24.72 KB |
MD5:
22589347ead8d6db53234fa315905bd9
SHA1: 8ebd2422fe2d7b3bedbc5b9ba685feac26136e9f SHA256: 5c462cc6b6cb919ec477588acc854137d4153c938dc72c4d366d65937ddf997c |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-time-l1-1-0.dll.[evil@cock.lu].evil | 21.22 KB |
MD5:
8f40f0ed2ab89381d6d78af6ef04bc50
SHA1: d95cbefa6677323e653d889c783319fb58887d11 SHA256: 28e4dc16515516b44b0f7722a707d48fcedd71a02dfc25219b8e7d524c0576c9 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-utility-l1-1-0.dll.[evil@cock.lu].evil | 19.22 KB |
MD5:
67e3ea5f5110b2453a28d097e969fd31
SHA1: 32908f74faf5441bef7aaf4f1eb5a28fd633685a SHA256: e479622019da2dfda5a9aa7ba832489a0140bc806fc4be5509b7c45b2fa9371b |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvcleaner.exe.[evil@cock.lu].evil | 1.97 MB |
MD5:
798e2f736c7cff67d246e0c76cb5f8af
SHA1: c8d9977a044b7a80acfed9ed8c0b34506b6a64c9 SHA256: 04a094dd3d4722cdf5d2ff2763bad9d2eb731dafeff844dfcdb737d373eb7f5a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems32.dll.[evil@cock.lu].evil | 1.70 MB |
MD5:
9a601b7b2158505d006a171986ef835a
SHA1: e2b3d502b993a4d6ca428f5b0c994ee31801492b SHA256: af2bc351a25276f704f75a75fc71f8e91fd2ebf5d799cf1bf2500640ea30cc83 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll.[evil@cock.lu].evil | 2.20 MB |
MD5:
9ffa2cd9ec3cccaa04568ee117d57d6c
SHA1: 12369c68343db424f4efb548d160e54a65a39aa0 SHA256: 2e851436be23b16d3e3a1de37e0cf076bf86dee12a9a2324fe236283587f0b65 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvscripting.dll.[evil@cock.lu].evil | 509.81 KB |
MD5:
70d48138b5da3567248670cd270c1fb0
SHA1: 3f45a6eeabe11b24fd550f0709e2138ebcec1d9e SHA256: beebc01db0d751c96883a10a606d806a72f6740ffce9fcbb7d54b3632fa11731 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe.[evil@cock.lu].evil | 267.31 KB |
MD5:
c0bc46143f5466c07262145a6f1d307b
SHA1: 8b15bf511391585a2f006294790377ef9f8f3b9a SHA256: 900450dc443e2b38594476377d6c783a0fae86450d455534c921e86eb0e999bb |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2r32.dll.[evil@cock.lu].evil | 1.41 MB |
MD5:
9a728740c51ac0bb2c7ce65554d7442e
SHA1: ce8bff9f569250a811858aeb5f424095906bfcfb SHA256: d4ac54a070b75196276e7e94f55a41cf93a7243026a8c307a3b4a7a13c5a5f02 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2r64.dll.[evil@cock.lu].evil | 1.91 MB |
MD5:
12f7046a4641bc31ff58effd75ba1895
SHA1: 521e4ca34bb4e5a6d7488d00e189c810a016635b SHA256: 2d257c207a6436b99a90e6012d68f94284c18f07662c37b7ccc20a099201c6cb |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml.[evil@cock.lu].evil | 4.56 KB |
MD5:
b54cd29fbcd2d4310bfc41857d844ef5
SHA1: 01278c4c2a3f3b8128b35cdbaf7ccdaf53454202 SHA256: 9591fa562b47730d4890a5922f7dd672d535ef3234b5a224ebba15b991ea7b2f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2rui.en-us.dll.[evil@cock.lu].evil | 996.22 KB |
MD5:
293034391c2308f7c264d8d791a8dd7b
SHA1: 1c4f3afa6fc72386e3ce561dad3ae213ad68e35d SHA256: 33d882c1a391a4b6165358b08445cc7d4a49993022c21241bd542b25dbfbcbc1 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\clientcapabilities.json.[evil@cock.lu].evil | 0.56 KB |
MD5:
a37b2c6151903d7b1ab335c4878d8063
SHA1: cc5d12c5313da03c4901554646a660b12fb7d003 SHA256: d45429e042efc50ae1c4e847f336578fc44af08bf5e24bd517919478c0727602 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\clienttelemetry.dll.[evil@cock.lu].evil | 1.80 MB |
MD5:
6da1c6a666477ea4e50cecf13b3dc7e8
SHA1: 89d66e132b1ec0b9685cdd12da48e7cb789c02da SHA256: 60e3dbbe83f2ef4b279eef3954c2f66465e1cd539c940198535f1bb27a84d11c |
|
|
| c:\program files\common files\microsoft shared\clicktorun\concrt140.dll.[evil@cock.lu].evil | 326.34 KB |
MD5:
42f008163f211a3d9753a8d4b5561990
SHA1: 16c7776f9ee410cdada5f39b894dc9ea022015ce SHA256: 8456cd026791091d0f368ef51a206e3816e8f3b4585fc761fa06426445005e9f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\i640.hash.[evil@cock.lu].evil | 0.62 KB |
MD5:
3fc8fdbf027de2d36452b2f675b55bc4
SHA1: 9167114c74a73b08523e219016532f851b5f5555 SHA256: e209e64a505af38c06e787c81b6bee4257b4356fd3d3f4717dca8a2540e77634 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\i641033.hash.[evil@cock.lu].evil | 0.62 KB |
MD5:
a23ff618276a9b318024879899d891f7
SHA1: 6df3b85d5697c19a68a10b9c2e16003f645ef88e SHA256: 17e45046f7d6df4ffe7b069a705e84a35990cb2c937f660f6042d4a744c55744 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\integratedoffice.exe.[evil@cock.lu].evil | 4.25 MB |
MD5:
b36588295248143016f586de036ae9bb
SHA1: 086090e27b23aeaec6a042a3e56952a24335990c SHA256: ca66fdf37af38599cae97513b6c22c7345bb27191e73a487402f92bfb9f16e81 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mavinject32.exe.[evil@cock.lu].evil | 359.81 KB |
MD5:
cdda122d5337742b76a7f0d6074fa0ea
SHA1: 28618a6b6400f31b080eb03308d944267dea9012 SHA256: 42f2a8ce2f78d7c8f853b8d87ff8eec49a1a8f290b26ed7a96cb70c8bacf81f8 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso20win32client.dll.[evil@cock.lu].evil | 4.47 MB |
MD5:
17fb0a91befd68074e760fdbea847f21
SHA1: 60bee8cb5a15bf5fdcbbf34dddc64204e6e625e4 SHA256: e561acb707294432007fe060a4c9e08891b2d540e3c37c04aa6fb84dc81553e8 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso30win32client.dll.[evil@cock.lu].evil | 6.80 MB |
MD5:
6141afd2b7bf8e8877afd43193cf963c
SHA1: 88481e75bbfca1ce5cdbef10a478cfc3a8a667cb SHA256: 3ebfbb607575862de9a6786869d41cc19bbc001369dc2402500bb7bd110757de |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso40uires.dll.[evil@cock.lu].evil | 4.25 MB |
MD5:
65a7ac99d4e754417d615a931b20bad5
SHA1: ed63089422affd7d6ba19540c6ae56bb9f4a810c SHA256: 981f504e223de0b97c445cb2afda256523201a89dece9a1321051b57fae3fcef |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso40uiwin32client.dll.[evil@cock.lu].evil | 10.00 MB |
MD5:
bd3874610ed589e1439875c32e385129
SHA1: 3a3a825597681612bb9e0ed75be392ee22af7c49 SHA256: 144cfb403b540c0a44a91db61c942ea588c6eba2adbfcfbde76901c7378c4e86 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\msointl30.en-us.dll.[evil@cock.lu].evil | 74.72 KB |
MD5:
1430797492e4d47dedc68ac94d9ee7aa
SHA1: f5716d4a7cf8bb47727fa0fcf24950ed3ae6d0be SHA256: 3497699cbf5582db1dd7857b817c3dff25297f38b2a72dec98d041a7e449e4ab |
|
|
| c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe.[evil@cock.lu].evil | 10.00 MB |
MD5:
ffc949a2e16a51b2102435f917301298
SHA1: 79e54a06f4abdde1a22247678c589982524ca16d SHA256: 6717ac0e398fb619b4de5dddbeb7b684ac0f2d0dfeb2408b55eaed3b5be68547 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\officec2rcom.dll.[evil@cock.lu].evil | 1.78 MB |
MD5:
bc11d384f7a1c90d483a4a934ae875b8
SHA1: 45e3ef8ae40bd6e31b164c37c6050d837751cd86 SHA256: 3aa068fc7ae301a9132da6bb198a34452892afc9f8d9f23b284a19cf81dec03f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml.[evil@cock.lu].evil | 5.19 KB |
MD5:
313a782e52ee105db21a0439d0ba1e44
SHA1: 1c888cdbd58c53a68fe5807bd442335f3b33f156 SHA256: 5eddd5defdceb6a1c81c0002c72c4d0f9ab96f8b42e21ece80d0d724873a4690 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml.[evil@cock.lu].evil | 4.88 KB |
MD5:
dcbf870231565ceb0922ccd875060668
SHA1: 3ac83c3fc9deca8c8670b0d19d2df094c4b15855 SHA256: 35c0e41548767ec419ed99460d1904495cb6d1b689d15c1ccc8d8d2b6c275294 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\ucrtbase.dll.[evil@cock.lu].evil | 960.22 KB |
MD5:
9afd40406e975059c55aab0ceafa3ad0
SHA1: dd2fd549df053994043e4ef99fe537862bcdcc44 SHA256: 902c0889b1673fbf829b393d9dcc60b2822d61cda42f43162019124d02cde14a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\vccorlib140.dll.[evil@cock.lu].evil | 386.84 KB |
MD5:
33153140aa88e02d2864c44d053b75c5
SHA1: 89fb3a6d23ed018622d365ac2dfb4a2887ac116f SHA256: e67e03ab038b08947447b3cd76c916abf816ec2d1fe8e7cecda6a87b0462560b |
|
|
| c:\program files\common files\microsoft shared\office16\liclua.exe.[evil@cock.lu].evil | 564.72 KB |
MD5:
6002fdf9063823cfce785e8c3a869e91
SHA1: 80abc8d42db02d4d44a689a8f23ac8383017c41c SHA256: 7f47df895a4d20337c3f330bb9a5c342ffb8269ba8cbc4230bc1b21125679e35 |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pidgenx.dll.[evil@cock.lu].evil | 1.41 MB |
MD5:
90aee27d63209c968face9f035756947
SHA1: 2f3da20fd7dd06b44e73c651235f2e5b33cdaa07 SHA256: 3e7401f554894f8b78517121d1d7dd661bb699a2a8c7285241ec7241e34d2f6b |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig-office.xrm-ms.[evil@cock.lu].evil | 624.69 KB |
MD5:
99abfd2614127fc84af4787ab8034288
SHA1: b42b4c2001fd6aa1b467de62d54dc3ca5301e8ec SHA256: 0a8329fa58d0945e2ac3737246cb7241cf6855530440d33eb78688b9d175b602 |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig.companion.dll.[evil@cock.lu].evil | 29.72 KB |
MD5:
946cbc9c9e949b0a58ae7394bd932360
SHA1: 48620898fde359b15fb2acfbfc781fb4d58a00cb SHA256: 465d1561461b1a2b469f1623f6f7fb2a55d1f5994078a9512de07a5a7b8af434 |
|
|
| c:\program files\common files\microsoft shared\source engine\ose.exe.[evil@cock.lu].evil | 254.72 KB |
MD5:
4e3d9964ceae76205c028a5a71e9b2cd
SHA1: 75dfb4fd21b6ddfcab4a190b6ce77da32e64d77c SHA256: 6fa23beed14ce49fdcc5acc450e3669218955fea866d5c3cfcbbf57be7a17dd2 |
|
|
| c:\program files\common files\microsoft shared\stationery\desktop.ini.[evil@cock.lu].evil | 1.16 KB |
MD5:
74b83dc533dfa21bef2300274dedae0a
SHA1: 9275fa2439ec1050615e0bbbcb8cba3cf8dcc924 SHA256: 5bafc129a05f278a4a3f319abacc47db83ec23fb33dfd8aa49709e0ec52f45f0 |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\$recycle.bin\s-1-5-18\desktop.ini | 0.16 KB |
MD5:
59fc3025bc8efa848846a6325f242dad
SHA1: 052ca3c1a0d60e0dfb98a6e95a5137f557cbbdfa SHA256: 6eda1e3b1f52ff48d1d6f2b39f231063fb4423084a0472df8ca338024fdb07c4 |
|
|
| c:\$recycle.bin\s-1-5-18\desktop.ini | 0.66 KB |
MD5:
ff69eac2cc31e4046a19402004bb1b2b
SHA1: d781981daadbc0e17b95eb4296a9332ad28fd975 SHA256: bf54b068790139098829f2c4c30486d39c8aa3fbd05d4223cfe330da0a48ff4a |
|
|
| c:\$recycle.bin\s-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini | 0.16 KB |
MD5:
673801ddc146a268d8d3cf440c9824e7
SHA1: 639e8f3ca86c413f74c81e80894f025cd5192db9 SHA256: 587556cd6e2ef70fca97e9849b7dec128447db861ee4df2e05bda18d9e72d59d |
|
|
| c:\$recycle.bin\s-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini | 0.66 KB |
MD5:
e7a9e2351b4e218f3c99314906b11f46
SHA1: 10e559903eebe8d9be238a2ad03dd48a424fcad5 SHA256: 9141a388677affd8c6d567d52af005c3eec3c99a98c66f93197e8dc79a2f418f |
|
|
| c:\boot\bootstat.dat | 64.03 KB |
MD5:
9f4300a35167c6f205ca8c7686e21e25
SHA1: 444aa340238ea046e1da6114a8cf8f7e29f9e026 SHA256: 437c70d066370cee790e3202bb2cd00bc47597b3bb6f070efcc4fbeb8bb7ae02 |
|
|
| c:\boot\bootstat.dat | 64.53 KB |
MD5:
50243b2b79d1d5690dd322b1d329e064
SHA1: a9ae7fd51bbc77785bfb183d2d6c920c5d7db112 SHA256: 67d791f27148c0f68b50d2eefb278c99ec768376d089ca3acade72005c2a5fff |
|
|
| c:\bootnxt | 0.03 KB |
MD5:
67ffc5d24d1cbadf2821bd3013f7ec9d
SHA1: 4f251ba2247cc87fc01267ad4c60ca64e18e5798 SHA256: 1c939e97e3f2691da59e1b98d0b75474aa7fcf1729702e4c41c9b5c997f2427b |
|
|
| c:\bootnxt | 0.53 KB |
MD5:
58e2aeb7130d240278cdb3ce0fc4d3ea
SHA1: 79cbe8f8273d8b8efbc3d9fdcbc53c2cd2cbc075 SHA256: a584b8a913c91ac9ee4b076c0f6fb5282b4dc8bf1b31005c7a81e910e52db0ef |
|
|
| c:\program files\common files\designer\msaddndr.olb | 22.72 KB |
MD5:
1e5ea766fa60d7e6e4face1491b15bf1
SHA1: ef6a1eec72e9e328151c4a3b0ddc68870e960cba SHA256: 6f0bf1b9d6442b15a8d843d2e6a9ff5d7d110d8dce57690c21edeefdb9d2badd |
|
|
| c:\program files\common files\designer\msaddndr.olb | 23.22 KB |
MD5:
ff1d1cdd55d4cfd3a1907a8f1a642dca
SHA1: 85cafe710f50eb3e2500cfd0b077f33d8de7bef3 SHA256: 05f7e8e9b4885805c836bf1ad3eef7d87d12c74e5e2bb95f476bb778d9046864 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l1-2-0.dll | 18.22 KB |
MD5:
6b3e92a3d621563f5fc04480aeaaafe3
SHA1: 80300f3fd6649f21f979241aa97c41a6eb008a2b SHA256: 79e266687e08c049fb814354c2c4813d95c0e5388a00f465021a347edd139694 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l1-2-0.dll | 18.72 KB |
MD5:
80e2bd3bc9d5a77013bb6046777c89ac
SHA1: fad12c60a9e182e76ae863bfd2bf44032926da9c SHA256: aad945c447e5b5a244df47172a439747672332479e1285b00d7bca85f924f314 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l2-1-0.dll | 18.22 KB |
MD5:
779972ae5cf88549fc001b0de45be14c
SHA1: 555ff4c201bc9706d70316a3ed94ec83c24a064e SHA256: 802bb5fff8d58e6187deb51bd5714c5aba2d6b8048e9fd3e1596e9a09398a1b1 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-file-l2-1-0.dll | 18.72 KB |
MD5:
d436cabae27c5fa1f752147792594be7
SHA1: 1a5408e7a8cba6b2bc4eff5b71e744226b28f2ca SHA256: dfba80d16d1930a1a7869eb21116eb8d741c23dd6cd4b2ca3d57c5073e47a85a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-localization-l1-2-0.dll | 20.72 KB |
MD5:
c65396d37f4af22dffac7cf70d523346
SHA1: 1ae5b4d5f37a809cd6b1f3bea673cbd2a0bc21bf SHA256: 7e2a4ac6c6a30544d1ca05c27805df90687cc3418b417eefb4d3f4db3cd70d3a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-localization-l1-2-0.dll | 21.22 KB |
MD5:
ea976dd633bde33f2e83da02d4d33d53
SHA1: fed328a42394ac0204b584ce0f1698eff82620ae SHA256: f0d439f3b4f04286f34dbfd12e779c7a4e47b8b02fabb6bbf84579b26c2c32eb |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-processthreads-l1-1-1.dll | 18.72 KB |
MD5:
81fc43f8895b734da1c0ce9f58fc2f8e
SHA1: d2bb68b5bb7d81d0a43f8d18074e4b40029d9ca9 SHA256: 9be9286cb594e7ebb025eeb52a02fb31e62f092dd7ebc2c84925d7c2325907dc |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-processthreads-l1-1-1.dll | 19.22 KB |
MD5:
aab8b18f63dbc88e289040a664dd0534
SHA1: cb365c7fe3f9e104cd2b23aa46f514f3fa21ef17 SHA256: e4ce47e733e84dcff65db781b69339c6b16d4b12f580694663ddfa7f3a1c72f2 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-synch-l1-2-0.dll | 18.72 KB |
MD5:
a5dc5f43c24d2c580d6b3413d251ccee
SHA1: 6db620ef9cf8ea0016b30d14dd3dadc41268515e SHA256: a9b715f6a427a7ee724fb8b61644e8684ef7636a1d01e3787db52a33217f037c |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-synch-l1-2-0.dll | 19.22 KB |
MD5:
9b2078bdaac5334cb3694a82be5a4801
SHA1: 44ab13e0d3f8d4b8eea44a5d85436c08a1c9dd99 SHA256: 6b615bf3e093815dc9c07d5d7122d30a3ce8b0ff7e660609502364d0c32cd722 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-timezone-l1-1-0.dll | 18.22 KB |
MD5:
9bc9dc13337ad3e0a684bb662d2cfe5b
SHA1: c5aff84cf0b061e980e2779775e579309fb027f2 SHA256: 2ef34ba36d561782429118e8e7927e62f1d869a1b8126842f79293791798f617 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-timezone-l1-1-0.dll | 18.72 KB |
MD5:
47fba4c9e3ee095b3a97e5c29ddff551
SHA1: f5d26fc32a23e9e02317fda3f52f7c74f04be829 SHA256: b0f286eda0ea1cc2a2506723bb844936823bb6d5244db56b13a870a1818bcec1 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-xstate-l2-1-0.dll | 11.38 KB |
MD5:
519678d26665cffd9b2dac777dc539c3
SHA1: 8dce916c3b94ae1c7e2d89d463ad35a431f31be8 SHA256: c238b728e458399b64e0469c6a479fd1235daac5d7a1fc022a3fd4868fe78413 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-core-xstate-l2-1-0.dll | 11.88 KB |
MD5:
3c2a465c0664d7854a7caec13943834a
SHA1: 9ed94930babf688a8fa54df519424f5601c7a799 SHA256: 19d946d3d2b633f0bb8e2fa40a446082917feceaae3300d1d384c286c01540ef |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-conio-l1-1-0.dll | 19.22 KB |
MD5:
f64bbae1c7e56a55bdafc6776ec6f2f9
SHA1: 8aa04faa21596508e30b9d386a5800e53a62f338 SHA256: 0b9fd05b7623788fef4295610917f84055f71d84f1c7e5f24e4579d3c8ae7fb0 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-conio-l1-1-0.dll | 19.72 KB |
MD5:
67e08d1bc4a8ceb4849bbb7490a5ef36
SHA1: 0e2ac3fe8228b655755456d864e2d46fb13be944 SHA256: 45d86f3aaeb598812a8c3ef73b518a4343c04c1a3a24a641e6ff442a117b2194 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-convert-l1-1-0.dll | 22.22 KB |
MD5:
9d9e9f011eb5e57b1aad403381db2dc0
SHA1: 877c9c87489aec11203d5eef8e8eec7cf043d409 SHA256: 2cbb299a48d862a70be7da3ad933c43fb94a8e15b0ad181a50f8839fc0a37cee |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-convert-l1-1-0.dll | 22.72 KB |
MD5:
95dab35641d78b80984ee8837a503e69
SHA1: 5321f924b0b8829ad943d28df03837761f16644d SHA256: d12372aa9f9d48f064853e91adcb826d16d30898b7c3aecb55d3ef90585cc03d |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-environment-l1-1-0.dll | 18.72 KB |
MD5:
119ac6212daf36c303ae53bca3cf035e
SHA1: 11213e766612322554807b8ee6d125e349403f45 SHA256: cddbd1c9826ba8aa3516e1e1a9c562722dd94265c0c390a445e189a8997b3e4a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-environment-l1-1-0.dll | 19.22 KB |
MD5:
cf0b902b894a27d185524839e0af804b
SHA1: c457940cdbc533078e14d59702ce7b07059a965c SHA256: ca43590e2e64f419f68a6b5546e0609b22eac23cd567c21de43897e903e72c67 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-filesystem-l1-1-0.dll | 20.22 KB |
MD5:
6d3a3bb0a64f198f9278db68be7bd5b9
SHA1: cb18b048ddec64df6129550bc9b34b786f7d1e0b SHA256: ccad0a97fc886be55942af0b43ec91c34ed0eb4e42637bca50e80ba071ec034a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-filesystem-l1-1-0.dll | 20.72 KB |
MD5:
e538f31045b39cf753cce41ec066ff56
SHA1: ff39f7f1071e41aefa2a969bc98b10b2f60c66e8 SHA256: 9fd8e19b1a05f30211cb11ed6ed5c92e8351754609fc5e2c8e7effaec017f2fa |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-heap-l1-1-0.dll | 19.22 KB |
MD5:
3dfb813bb1c17383e5d3e24679e42065
SHA1: f4f269ac8bfa6af863ae9a86505b9cf321f052f2 SHA256: 4fa719a172f024a02ed11f16720cf5b35fe438ff0788750b76bf9f06a5759201 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-heap-l1-1-0.dll | 19.72 KB |
MD5:
f611a1acac4c63fc5786c0cfe3139553
SHA1: f12fd7a3fc9b4ee730dcd8f4b8d308c177151530 SHA256: 6893e37380a932199ca8bdd42eef23156e46477e795012e18f84210023e04cf2 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-locale-l1-1-0.dll | 18.72 KB |
MD5:
84206093e1d550162f03bea0c50d2054
SHA1: 550e5015bf2e7ddb71f46315ffc5339ae083c46f SHA256: 53b60c7078a4a091219127ccb198ea5ca6e63423ece1a0908f97b085ac96bc7b |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-locale-l1-1-0.dll | 19.22 KB |
MD5:
11ddfdff6ced2b90a17d0a45f4725dfb
SHA1: 945bb2696bb13e90139d957d8e00f4794a560844 SHA256: 393aeebd06dd64f06c7d284cdb9b3e52f5cca6405c273f14cf844f00fba4a2f3 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-math-l1-1-0.dll | 27.22 KB |
MD5:
555db3d4cd2cc7e833dba9f4b17a492f
SHA1: fdd49bf881a4b7bd2e1f77c96816dc95b49782b0 SHA256: c88a5653b2b7fd91e9d7cabe6e0c562bfdb5ffe94f8d22aab5053c1b11eb652f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-math-l1-1-0.dll | 27.72 KB |
MD5:
f0365f9f1529305bb818a06b8c7e42f3
SHA1: 3078dad668be5810a26628560a5d35e94923a07f SHA256: 95bcb3efc918d5dcc200981ea06b0f0bc4317aac2db05b110c542ad5f38f8ec0 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-multibyte-l1-1-0.dll | 26.22 KB |
MD5:
482faa5624013720b7caa0f9808a7857
SHA1: db160d77dcadc15b2b3b284275ee8cd2acb2a9aa SHA256: 6d4b09d84d5dedd49a64184797b871ef93477ea70ea5e4cfa452ea986aea7652 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-multibyte-l1-1-0.dll | 26.72 KB |
MD5:
3652e7ed09e9cb47534010d2ef450021
SHA1: 26012cb9acd993e2356cffb1549b26f08959c6cd SHA256: 47a815497a58a0d77784908e518b38aba384eaa9e9b28885a22f3016efab8999 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-private-l1-1-0.dll | 69.22 KB |
MD5:
2558b028ee0695f6304b38afba52fb8f
SHA1: 18a62a42c77a78f26cc1e44931fc56594d9db510 SHA256: a0fae81d031af02669e7c2dd1c982818e16a42fd5789a02ce42a640a1ecadb24 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-private-l1-1-0.dll | 69.72 KB |
MD5:
af0ffdd9d0c0c55596497cd8cea4b11c
SHA1: 26d1ebb9de4a7268d9f3800a490d56fdb0b4f4a9 SHA256: 7899c07d5d1baab9e416dc0c890ab8b36de95e52759741d834f34fb69e5f0c6a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-process-l1-1-0.dll | 19.22 KB |
MD5:
d90812d69d6ba1f72b5292a64b4e6594
SHA1: 4cb4d4b4ade8c1c00ecda5441d60200331d0157a SHA256: 3a35f241ac579f6bf4d08f1e2ff12bb79dc584b6d75b65335c2451991b0784db |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-process-l1-1-0.dll | 19.72 KB |
MD5:
da4622a7adcff855a3675dfc57644912
SHA1: 4da0ca006ba62630055b6dcb5d6eb6c0cf99e51f SHA256: 2667857d8d19923eea1479fae3c3a437908948103749e8d2cc4c8e4228656fed |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-runtime-l1-1-0.dll | 22.72 KB |
MD5:
407b6de0a0b08f5ec9f4441f396f1b88
SHA1: 1b4be073b5586867e8732f8785b6762f33135c1e SHA256: 26cbdec8b437ea46ce95cdd52281974d7c22a6f98ede29830f0026eafbc16e34 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-runtime-l1-1-0.dll | 23.22 KB |
MD5:
d0e0fce3416effea238df1be74f39606
SHA1: 5439ee05b9860228dbf5360d077cb212beabca1c SHA256: 44ce8fe21f5e85672a08c518ff118be3dc6dd3bcb5a7398eb6ba53cd79b4cf0b |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-stdio-l1-1-0.dll | 24.22 KB |
MD5:
889200325ccf5b8679c8d9a187af324a
SHA1: f6eca62adec81a8ee05714a74990ad2ef5b8e003 SHA256: 767c71c7132e2d33dfcb977bb028bf4db90b6056c5cd650df14aafd9c4c818e1 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-stdio-l1-1-0.dll | 24.72 KB |
MD5:
e93894cbdbd8b70bae1b30178f523fb9
SHA1: 3c5754c5fa9c0f2c2c305f216c3f904d399a284b SHA256: 4a1ac1dd5be1aa2a45572d0aca4e8121b923bcfe0951cb8ceca014b16c3dd246 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-string-l1-1-0.dll | 24.22 KB |
MD5:
2af6ce2fd6203db52315897962301f2b
SHA1: f8cb70a4b024f6c2b235eda4c828418a7899a226 SHA256: 48924c526162f27790e47e0619cdfd0ca5874dbf34f8805cab5b9068b4da0737 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-string-l1-1-0.dll | 24.72 KB |
MD5:
22589347ead8d6db53234fa315905bd9
SHA1: 8ebd2422fe2d7b3bedbc5b9ba685feac26136e9f SHA256: 5c462cc6b6cb919ec477588acc854137d4153c938dc72c4d366d65937ddf997c |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-time-l1-1-0.dll | 20.72 KB |
MD5:
b4f1a1b3198e723a9de33edd33a9b8e9
SHA1: 960f1d0f761368319401e4f448b0c3d51e27892f SHA256: f798eeba34415987735055dd8625a0b54956114f14a23f29de65a879ee63974b |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-time-l1-1-0.dll | 21.22 KB |
MD5:
8f40f0ed2ab89381d6d78af6ef04bc50
SHA1: d95cbefa6677323e653d889c783319fb58887d11 SHA256: 28e4dc16515516b44b0f7722a707d48fcedd71a02dfc25219b8e7d524c0576c9 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-utility-l1-1-0.dll | 18.72 KB |
MD5:
37aaa850b61df6fc0828f136933ca248
SHA1: 71eda0a0f451764a7c7933f761f6c9b989b46daa SHA256: d0894dd8743efde774294792f324244815d374faeefc7ba11e54df8a98df4bc5 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\api-ms-win-crt-utility-l1-1-0.dll | 19.22 KB |
MD5:
67e3ea5f5110b2453a28d097e969fd31
SHA1: 32908f74faf5441bef7aaf4f1eb5a28fd633685a SHA256: e479622019da2dfda5a9aa7ba832489a0140bc806fc4be5509b7c45b2fa9371b |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvcleaner.exe | 1.97 MB |
MD5:
6027ccbdead70fb915eac49b466badc5
SHA1: b9572f13309740f95da93ad46def329675b1c9af SHA256: e3207c21c462991a2e8d3c68011428b515beb44014ca4afed945f85605620094 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvcleaner.exe | 1.97 MB |
MD5:
798e2f736c7cff67d246e0c76cb5f8af
SHA1: c8d9977a044b7a80acfed9ed8c0b34506b6a64c9 SHA256: 04a094dd3d4722cdf5d2ff2763bad9d2eb731dafeff844dfcdb737d373eb7f5a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems32.dll | 1.70 MB |
MD5:
b67a94e1f1c4d5d24ffd41e348e26657
SHA1: 503d51d8a1e867793a38ec969f1399587aa9e7d3 SHA256: 856631a07fccd3c8f20477045c7e01474ff383694b615d772606adb655de5309 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems32.dll | 1.70 MB |
MD5:
9a601b7b2158505d006a171986ef835a
SHA1: e2b3d502b993a4d6ca428f5b0c994ee31801492b SHA256: af2bc351a25276f704f75a75fc71f8e91fd2ebf5d799cf1bf2500640ea30cc83 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll | 2.20 MB |
MD5:
f0bcba312f393291db4e966b458fb93d
SHA1: 7397c386c625e812b1ca2dc3f72b9ef5c2070b6c SHA256: 66ee14a1799311eaa480c2b09a9c044f948675f8177fe44d541de0136e5d6a21 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvisvsubsystems64.dll | 2.20 MB |
MD5:
9ffa2cd9ec3cccaa04568ee117d57d6c
SHA1: 12369c68343db424f4efb548d160e54a65a39aa0 SHA256: 2e851436be23b16d3e3a1de37e0cf076bf86dee12a9a2324fe236283587f0b65 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvscripting.dll | 509.31 KB |
MD5:
56e489a3d8a884ef3b7d0b76848da0d0
SHA1: 9ba7928013ced1099795d867eecf707bb8d2a948 SHA256: 05f83703cf11d6c58bc49042467aeef2fcb8b7bfddb859c77ed65cce5124de18 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvscripting.dll | 509.81 KB |
MD5:
70d48138b5da3567248670cd270c1fb0
SHA1: 3f45a6eeabe11b24fd550f0709e2138ebcec1d9e SHA256: beebc01db0d751c96883a10a606d806a72f6740ffce9fcbb7d54b3632fa11731 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe | 266.81 KB |
MD5:
8264358de406b51e8435be67dd708e2f
SHA1: edf65c840d8a43e8f771b72dad6076a8ac5eba64 SHA256: cd862444e9f5488758cb30b2e844ac98ecd45de26a177435bfd4f24fb7e3a2ee |
|
|
| c:\program files\common files\microsoft shared\clicktorun\appvshnotify.exe | 267.31 KB |
MD5:
c0bc46143f5466c07262145a6f1d307b
SHA1: 8b15bf511391585a2f006294790377ef9f8f3b9a SHA256: 900450dc443e2b38594476377d6c783a0fae86450d455534c921e86eb0e999bb |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2r32.dll | 1.41 MB |
MD5:
20b9fefef918d1a2269a44a92be227c0
SHA1: 0db482cf5f8ce1f1e6e613d7d6afaddf42b764c2 SHA256: 9584f86e54f294244f5048a995836a7cd3593f686abf8bc7055a8ff30049b46e |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2r32.dll | 1.41 MB |
MD5:
9a728740c51ac0bb2c7ce65554d7442e
SHA1: ce8bff9f569250a811858aeb5f424095906bfcfb SHA256: d4ac54a070b75196276e7e94f55a41cf93a7243026a8c307a3b4a7a13c5a5f02 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2r64.dll | 1.91 MB |
MD5:
d9579ddc97c0cbbb413ac8412d41d5bc
SHA1: 69df576875fa5eefbd1286b4528f5d012964cd76 SHA256: 58f7a02870a57e77fb513be0638dd67ecded80d102192804ccbe174b96019a03 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2r64.dll | 1.91 MB |
MD5:
12f7046a4641bc31ff58effd75ba1895
SHA1: 521e4ca34bb4e5a6d7488d00e189c810a016635b SHA256: 2d257c207a6436b99a90e6012d68f94284c18f07662c37b7ccc20a099201c6cb |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml | 4.06 KB |
MD5:
e96e4ff0085f650a36adf53661ea2c6d
SHA1: 952324ab999e8a4fd9365fc5d47497dc65c64056 SHA256: dec7e4a0bf4e20691c89ad8b1fa1664f18d4a5342763ba594de2c114752e7d5b |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml | 4.56 KB |
MD5:
b54cd29fbcd2d4310bfc41857d844ef5
SHA1: 01278c4c2a3f3b8128b35cdbaf7ccdaf53454202 SHA256: 9591fa562b47730d4890a5922f7dd672d535ef3234b5a224ebba15b991ea7b2f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2rui.en-us.dll | 995.72 KB |
MD5:
743f2cf50e33ab2f1f691aeee54e512e
SHA1: a4aad9be7994d73ab099a5b4d3317c4f9527723f SHA256: 2760ed8f41dded3b194fa483fbc27e2b9bbc7069f247c2448db7e9d3368ddb48 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\c2rui.en-us.dll | 996.22 KB |
MD5:
293034391c2308f7c264d8d791a8dd7b
SHA1: 1c4f3afa6fc72386e3ce561dad3ae213ad68e35d SHA256: 33d882c1a391a4b6165358b08445cc7d4a49993022c21241bd542b25dbfbcbc1 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\clientcapabilities.json | 0.06 KB |
MD5:
2e2a6bdd1418f77d2ab93d905ec68b5d
SHA1: c19b16d37ca7dcc4c82e5563d916dbb15a020b7c SHA256: 9bd23c08809b3f6581cc2cf19401edcfab0ce5c029dea637e4a995303aa8f160 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\clientcapabilities.json | 0.56 KB |
MD5:
a37b2c6151903d7b1ab335c4878d8063
SHA1: cc5d12c5313da03c4901554646a660b12fb7d003 SHA256: d45429e042efc50ae1c4e847f336578fc44af08bf5e24bd517919478c0727602 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\clienttelemetry.dll | 1.80 MB |
MD5:
7bfe1b629ac24d45bdba77d620abf237
SHA1: 4d24cb21b71ccc3f0a46dbf6827f3e67dda9c82a SHA256: 71d45980241e28dbd0ef503fbebcf697b357bc19c21120ce6391cc05b4ab3f46 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\clienttelemetry.dll | 1.80 MB |
MD5:
6da1c6a666477ea4e50cecf13b3dc7e8
SHA1: 89d66e132b1ec0b9685cdd12da48e7cb789c02da SHA256: 60e3dbbe83f2ef4b279eef3954c2f66465e1cd539c940198535f1bb27a84d11c |
|
|
| c:\program files\common files\microsoft shared\clicktorun\concrt140.dll | 325.84 KB |
MD5:
171f8b38cb063e41d2977e1c79d64b28
SHA1: 078e05658b13d0ce2dfa170f48b3f3485965c63c SHA256: c57c8782ea54455ce47e7c1d32ccfaa0ed6c359594660d487b33a6281839e070 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\concrt140.dll | 326.34 KB |
MD5:
42f008163f211a3d9753a8d4b5561990
SHA1: 16c7776f9ee410cdada5f39b894dc9ea022015ce SHA256: 8456cd026791091d0f368ef51a206e3816e8f3b4585fc761fa06426445005e9f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\i640.hash | 0.12 KB |
MD5:
a1cfd27bc2177ced277eb1827158188b
SHA1: 5c90eb275863150bf7fe60c5b175f313fdd887a6 SHA256: 68f7b1a51178dfdf7517fa39399aa2cc46a74521b1751a31b61dee693c5fc9f3 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\i640.hash | 0.62 KB |
MD5:
3fc8fdbf027de2d36452b2f675b55bc4
SHA1: 9167114c74a73b08523e219016532f851b5f5555 SHA256: e209e64a505af38c06e787c81b6bee4257b4356fd3d3f4717dca8a2540e77634 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\i641033.hash | 0.12 KB |
MD5:
c5a8ef650a72b24d12530105224a0e6d
SHA1: ea5c3765b44028d3bd8c9c7b22b67354ce1261a1 SHA256: 718c23112800c4aef4b977484f12b1d9a2018117cb739a07da85d61aafd78f0d |
|
|
| c:\program files\common files\microsoft shared\clicktorun\i641033.hash | 0.62 KB |
MD5:
a23ff618276a9b318024879899d891f7
SHA1: 6df3b85d5697c19a68a10b9c2e16003f645ef88e SHA256: 17e45046f7d6df4ffe7b069a705e84a35990cb2c937f660f6042d4a744c55744 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\integratedoffice.exe | 4.24 MB |
MD5:
83d89d29eb85c561bf1502a583ac5c39
SHA1: 1fc458c72c0ab6eeb6f093f01bbd35f1aab2aea0 SHA256: 9082ecf2918986569161152df29e052127864585322eca5339104ba2c47f65b0 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\integratedoffice.exe | 4.25 MB |
MD5:
b36588295248143016f586de036ae9bb
SHA1: 086090e27b23aeaec6a042a3e56952a24335990c SHA256: ca66fdf37af38599cae97513b6c22c7345bb27191e73a487402f92bfb9f16e81 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mavinject32.exe | 359.31 KB |
MD5:
12af5da90c720697908771691335bf63
SHA1: 18c935ccd76bd9cb6cd0461f20e986d446536105 SHA256: ef122b1d3730ef1c930689eb991fe33d00f75ef8f935b9ed86212ae9afc14b04 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mavinject32.exe | 359.81 KB |
MD5:
cdda122d5337742b76a7f0d6074fa0ea
SHA1: 28618a6b6400f31b080eb03308d944267dea9012 SHA256: 42f2a8ce2f78d7c8f853b8d87ff8eec49a1a8f290b26ed7a96cb70c8bacf81f8 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso20win32client.dll | 4.46 MB |
MD5:
92944c5cac195440a73bdda2cb9e70df
SHA1: a007764b6ddee8b03e21721dea1491af956f8a46 SHA256: 0a822877e61860db36b6009a52bbfdcbfd8a3f7eb7460a6329edd15484c35a93 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso20win32client.dll | 4.47 MB |
MD5:
17fb0a91befd68074e760fdbea847f21
SHA1: 60bee8cb5a15bf5fdcbbf34dddc64204e6e625e4 SHA256: e561acb707294432007fe060a4c9e08891b2d540e3c37c04aa6fb84dc81553e8 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso30win32client.dll | 6.80 MB |
MD5:
3b27772cf5ddf3610df20d4f35670cb8
SHA1: 89a8ad07cd0d8cbe1a1c1895d5f82eff13243d03 SHA256: b0382917ad1cb3a384492f8c30210e5749d17c47f31266ec6e8fa5e50a76ce63 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso30win32client.dll | 6.80 MB |
MD5:
6141afd2b7bf8e8877afd43193cf963c
SHA1: 88481e75bbfca1ce5cdbef10a478cfc3a8a667cb SHA256: 3ebfbb607575862de9a6786869d41cc19bbc001369dc2402500bb7bd110757de |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso40uires.dll | 4.25 MB |
MD5:
902f00ec22f5dbeae25b11a6ea73b0b1
SHA1: 0d6c10cd93df8d2c2b67863db8e827d93b157a94 SHA256: f9ca9431378a1d46820108152c4cd2c705fa88c3566c2e8ec5213ee63df232f4 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso40uires.dll | 4.25 MB |
MD5:
65a7ac99d4e754417d615a931b20bad5
SHA1: ed63089422affd7d6ba19540c6ae56bb9f4a810c SHA256: 981f504e223de0b97c445cb2afda256523201a89dece9a1321051b57fae3fcef |
|
|
| c:\program files\common files\microsoft shared\clicktorun\mso40uiwin32client.dll | 10.00 MB |
MD5:
bd3874610ed589e1439875c32e385129
SHA1: 3a3a825597681612bb9e0ed75be392ee22af7c49 SHA256: 144cfb403b540c0a44a91db61c942ea588c6eba2adbfcfbde76901c7378c4e86 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\msointl30.en-us.dll | 74.22 KB |
MD5:
8a3c1fb38600add796c8d9750e55a359
SHA1: 997037365ffe06d12ddecdb2e8e036dce12279a2 SHA256: a2ffe2bc744a196a9272c8d6a7fa02b18861edd9e2044457566d0e87e04a21e4 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\msointl30.en-us.dll | 74.72 KB |
MD5:
1430797492e4d47dedc68ac94d9ee7aa
SHA1: f5716d4a7cf8bb47727fa0fcf24950ed3ae6d0be SHA256: 3497699cbf5582db1dd7857b817c3dff25297f38b2a72dec98d041a7e449e4ab |
|
|
| c:\program files\common files\microsoft shared\clicktorun\officec2rclient.exe | 10.00 MB |
MD5:
ffc949a2e16a51b2102435f917301298
SHA1: 79e54a06f4abdde1a22247678c589982524ca16d SHA256: 6717ac0e398fb619b4de5dddbeb7b684ac0f2d0dfeb2408b55eaed3b5be68547 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\officec2rcom.dll | 1.78 MB |
MD5:
4f657be92303284be973221f8f306211
SHA1: 3260bca376da07c5a706e7ffb690543b2ee18950 SHA256: c78e9dbd833fd4233ddfa2b53d2540bad73b531e398779e57f8a883424c59a26 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\officec2rcom.dll | 1.78 MB |
MD5:
bc11d384f7a1c90d483a4a934ae875b8
SHA1: 45e3ef8ae40bd6e31b164c37c6050d837751cd86 SHA256: 3aa068fc7ae301a9132da6bb198a34452892afc9f8d9f23b284a19cf81dec03f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml | 4.69 KB |
MD5:
db85a4af94fa3f3379249d58d0d5e316
SHA1: 583f4252e10b6aaa27bf9a0b4cb90ef40e40e5db SHA256: 77e8b5f77a0fd015610d5df466b2826f7365bb439902588ce9ea098bd60b2218 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml | 5.19 KB |
MD5:
313a782e52ee105db21a0439d0ba1e44
SHA1: 1c888cdbd58c53a68fe5807bd442335f3b33f156 SHA256: 5eddd5defdceb6a1c81c0002c72c4d0f9ab96f8b42e21ece80d0d724873a4690 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml | 4.38 KB |
MD5:
77af118790fba5c150190009441c6a4d
SHA1: 8915b7f5bb4f49e3937d9efa4425096d4c3567f2 SHA256: d63a504fdcf5f79f06b05c4e65de569f4331d9330675f5da21ec1d1d67c8d49c |
|
|
| c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml | 4.88 KB |
MD5:
dcbf870231565ceb0922ccd875060668
SHA1: 3ac83c3fc9deca8c8670b0d19d2df094c4b15855 SHA256: 35c0e41548767ec419ed99460d1904495cb6d1b689d15c1ccc8d8d2b6c275294 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\ucrtbase.dll | 959.72 KB |
MD5:
7ae17591b38a7b78d3037cf46931a6da
SHA1: c79eabc38a28ab644364602e0d8633971d84f085 SHA256: 873f52e5b57c612cb8502f45911276588a54301dd677880203c2bc9e895d2a6f |
|
|
| c:\program files\common files\microsoft shared\clicktorun\ucrtbase.dll | 960.22 KB |
MD5:
9afd40406e975059c55aab0ceafa3ad0
SHA1: dd2fd549df053994043e4ef99fe537862bcdcc44 SHA256: 902c0889b1673fbf829b393d9dcc60b2822d61cda42f43162019124d02cde14a |
|
|
| c:\program files\common files\microsoft shared\clicktorun\vccorlib140.dll | 386.34 KB |
MD5:
6505bc34cab74af6dcb31c3410a3864d
SHA1: 7e7bbaa978223ac130e1dc9e5006ace5498f40be SHA256: 3f1c7209c2bbb86ffe4c68059b595ba129f2fe12248e922ddfa57805fa4838f1 |
|
|
| c:\program files\common files\microsoft shared\clicktorun\vccorlib140.dll | 386.84 KB |
MD5:
33153140aa88e02d2864c44d053b75c5
SHA1: 89fb3a6d23ed018622d365ac2dfb4a2887ac116f SHA256: e67e03ab038b08947447b3cd76c916abf816ec2d1fe8e7cecda6a87b0462560b |
|
|
| c:\program files\common files\microsoft shared\office16\liclua.exe | 564.22 KB |
MD5:
0149d285d003dc5ea714fef12a76c786
SHA1: dedc97c8d3000d5525ab2a9a859742e1fa2d3cb5 SHA256: 0e94faf6a8a5beb0184da45499b42a185dc831971909e829c9c23ac1704b5481 |
|
|
| c:\program files\common files\microsoft shared\office16\liclua.exe | 564.72 KB |
MD5:
6002fdf9063823cfce785e8c3a869e91
SHA1: 80abc8d42db02d4d44a689a8f23ac8383017c41c SHA256: 7f47df895a4d20337c3f330bb9a5c342ffb8269ba8cbc4230bc1b21125679e35 |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pidgenx.dll | 1.41 MB |
MD5:
524f077d0c14c4d0cfb3a1c1054ef7c0
SHA1: c5b4599e958c8b0499bc57a21c90c3e7d7ad0af3 SHA256: 8d253a19e9c77bc5f77441b841f89243b90b6e550acf2372a538cb22a1cff562 |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pidgenx.dll | 1.41 MB |
MD5:
90aee27d63209c968face9f035756947
SHA1: 2f3da20fd7dd06b44e73c651235f2e5b33cdaa07 SHA256: 3e7401f554894f8b78517121d1d7dd661bb699a2a8c7285241ec7241e34d2f6b |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig-office.xrm-ms | 624.19 KB |
MD5:
40237098b6c7a04abcb682ce58513499
SHA1: 3e59f53c8af1d89bb53b7b8c0b6cf19d069ea768 SHA256: 102c94d2c4bc97ee119e2777e560540ca7f9a1d9935ea472c58da3f47a7d2529 |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig-office.xrm-ms | 624.69 KB |
MD5:
99abfd2614127fc84af4787ab8034288
SHA1: b42b4c2001fd6aa1b467de62d54dc3ca5301e8ec SHA256: 0a8329fa58d0945e2ac3737246cb7241cf6855530440d33eb78688b9d175b602 |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig.companion.dll | 29.22 KB |
MD5:
7bb1330ce8cba3719f204d41a964063d
SHA1: 78c7b41bdd409a46ab9b379c4e63f7902dee2031 SHA256: 6feb2f019067c173aa349a41593ab476b378788ea8e136a9b879ef8805447681 |
|
|
| c:\program files\common files\microsoft shared\office16\office setup controller\pkeyconfig.companion.dll | 29.72 KB |
MD5:
946cbc9c9e949b0a58ae7394bd932360
SHA1: 48620898fde359b15fb2acfbfc781fb4d58a00cb SHA256: 465d1561461b1a2b469f1623f6f7fb2a55d1f5994078a9512de07a5a7b8af434 |
|
|
| c:\program files\common files\microsoft shared\source engine\ose.exe | 254.22 KB |
MD5:
0d1c55c99711a47dacecbab07a577330
SHA1: d5ebc2d954e5a2f9ef2e4ba4de8c42632df3d86f SHA256: 2482f6ed79118c1b911737f069e9b8e4e60877b0a10025c79f10cb5ece91ef2b |
|
|
| c:\program files\common files\microsoft shared\source engine\ose.exe | 254.72 KB |
MD5:
4e3d9964ceae76205c028a5a71e9b2cd
SHA1: 75dfb4fd21b6ddfcab4a190b6ce77da32e64d77c SHA256: 6fa23beed14ce49fdcc5acc450e3669218955fea866d5c3cfcbbf57be7a17dd2 |
|
|
| c:\program files\common files\microsoft shared\stationery\desktop.ini | 0.66 KB |
MD5:
2a315b0db0af6254647204b062737e72
SHA1: 6e2446c1ad145c01b5e106f86c1f744e09849d35 SHA256: 24cab90290276079bf90a73e5f1f0eb412b9d4a045501bf68e3537cd533bf0ae |
|
|
| c:\program files\common files\microsoft shared\stationery\desktop.ini | 1.16 KB |
MD5:
74b83dc533dfa21bef2300274dedae0a
SHA1: 9275fa2439ec1050615e0bbbcb8cba3cf8dcc924 SHA256: 5bafc129a05f278a4a3f319abacc47db83ec23fb33dfd8aa49709e0ec52f45f0 |
|
|
| c:\program files\common files\microsoft shared\vc\msdia100.dll | 498.87 KB |
MD5:
098a92e7933ce089ec4e9a03ae19890a
SHA1: 846bf52ab66806e5f63076a29629509fbd72ce60 SHA256: 9a01a1775ecd75426aae9f663f8183dba0786bac20de7ce8c3df5a0fcd35e889 |
|
|
Host Behavior
File (4005)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\\$Recycle.Bin\S-1-5-18\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD.LOG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD.LOG1 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BCD.LOG2 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\bg-BG\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\BOOTSTAT.DAT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\bootvhd.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\cs-CZ\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\cs-CZ\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\da-DK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\da-DK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\de-DE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\de-DE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\el-GR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\el-GR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\en-GB\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\en-US\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\en-US\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\es-ES\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\es-ES\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\es-MX\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\et-EE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\fi-FI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\fi-FI\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\chs_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\cht_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\jpn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\kor_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\malgunn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\malgun_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\meiryon_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\meiryo_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\msjhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\msjh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\msyhn_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\msyh_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\segmono_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\segoen_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\segoe_slboot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Fonts\wgl4_boot.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\fr-CA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\fr-FR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\fr-FR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\hr-HR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\hu-HU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\hu-HU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\it-IT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\it-IT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ja-JP\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ja-JP\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ko-KR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ko-KR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\lt-LT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\lv-LV\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\memtest.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\nb-NO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\nb-NO\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\nl-NL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\nl-NL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pl-PL\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pl-PL\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pt-BR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pt-BR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pt-PT\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\pt-PT\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\qps-ploc\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\qps-ploc\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Resources\bootres.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\Resources\en-US\bootres.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ro-RO\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ru-RU\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\ru-RU\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\sk-SK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\sl-SI\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\sr-Latn-CS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\sr-Latn-CS\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\sr-Latn-RS\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\sv-SE\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\sv-SE\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\tr-TR\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\tr-TR\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\uk-UA\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-CN\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-CN\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-HK\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-HK\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-TW\bootmgr.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Boot\zh-TW\memtest.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\BOOTNXT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\BOOTSECT.BAK | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\hiberfil.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\pagefile.sys | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\declaration.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\hour sponsored.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.en-us.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ClientTelemetry.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\mso20win32client.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\mso30win32client.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\mso40uires.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\mso40uiwin32client.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\msointl30.en-us.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\Alphabet.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\Content.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\boxed-correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\boxed-delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\boxed-join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\boxed-split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\correct.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\delete.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\FlickLearningWizard.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\IPSEventLogMsg.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\IpsMigrationPlugin.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\join.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\split.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\FlickAnimation.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\hwrusalm.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\hwrusash.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\InkDiv.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\InkObj.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsar.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipscat.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipschs.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipscht.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipscsy.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsdan.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsel.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsen.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsesp.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\IPSEventLogMsg.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsfin.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsfra.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipshe.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipshi.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipshrv.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsid.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsita.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipskor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsnld.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsnor.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsplk.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsptb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsptg.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsrom.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipsrus.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipssrb.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipssrl.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipssve.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ipstr.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\journal.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\LanguageModel\chstic.dgml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\micaut.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\mip.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\mraut.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\mshwgst.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\rtscom.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\sr-Latn-CS\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\tabskb.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\TabTip.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\TipRes.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\tipresx.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\tipskins.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\tiptsf.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\tpcps.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\zh-HK\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Bears.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Bears.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Blue_Gradient.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Cave_Drawings.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Connectivity.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Dotted_Lines.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Garden.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Garden.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Genko_1.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Genko_2.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Graph.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Green Bubbles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\GreenBubbles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\grid_(cm).wmf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\grid_(inch).wmf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Hand Prints.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\HandPrints.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Memo.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Monet.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Month_Calendar.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Music.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Notebook.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Orange Circles.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\OrangeCircles.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Peacock.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Peacock.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Pine_Lumber.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Pretty_Peacock.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Psychedelic.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Roses.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Roses.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Sand_Paper.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Seyes.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Shades of Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\ShadesOfBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Shorthand.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Small_News.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Soft Blue.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\SoftBlue.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Stars.htm | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Stars.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Stucco.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Tanspecks.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Tiki.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\To_Do_List.emf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\White_Chocolate.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\Stationery\Wrinkled_Paper.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VC\msdia100.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VC\msdia90.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VGX\VGX.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\Services\verisign.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\adojavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\adovbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\en-US\msader15.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msader15.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msado15.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msado20.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msado21.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msado25.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msado26.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msado27.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msado28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msado60.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msadomd.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msadomd28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msador15.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msador28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msadox.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msadox28.tlb | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\ado\msadrh15.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\DirectDB.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\en-US\wab32res.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\adcjavas.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\adcvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msadce.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msadcer.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msadco.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msadcor.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msadds.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msaddsr.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msdaprsr.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msdaprst.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msdarem.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msdaremr.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\msadc\msdfmap.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\msdaosp.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\msdaps.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\msdasql.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\msdasqlr.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\msdatl3.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\msxactps.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\oledb32.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\oledb32r.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\oledbjvs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\oledbvbs.inc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\sqloledb.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\sqloledb.rll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\sqlxmlx.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\Ole DB\sqlxmlx.rll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\wab32.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Common Files\System\wab32res.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\desktop.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\en-US\hmmapi.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\en-US\ieinstal.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\en-US\iexplore.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\hmmapi.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\iediagcmd.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\ieinstal.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\ielowutil.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\IEShims.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\iexplore.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\images\bing.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\SIGNUP\install.ins | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Internet Explorer\sqmapi.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\awt.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\bci.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\dcpr.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\decora_sse.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\deploy.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\dtplugin\deployJava1.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\dtplugin\npdeployJava1.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\dt_shmem.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\dt_socket.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\eula.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\fontmanager.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\fxplugins.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\glass.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\glib-lite.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\gstreamer-lite.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\hprof.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\instrument.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\j2pcsc.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\j2pkcs11.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jaas_nt.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jabswitch.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\java-rmi.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\java.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\java.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\JavaAccessBridge-64.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\javacpl.cpl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\javacpl.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\javafx_font.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\javafx_font_t2k.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\javafx_iio.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\javaw.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\javaws.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\java_crw_demo.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jawt.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\JAWTAccessBridge-64.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jdwp.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jfr.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jfxmedia.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jfxwebkit.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jjs.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jli.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jp2iexp.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jp2native.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jpeg.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jsdt.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jsound.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\jsoundds.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\kcms.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\keytool.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\kinit.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\klist.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\ktab.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\lcms.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\management.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\mlib_image.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\msvcp120.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\msvcr100.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\msvcr120.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\net.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\nio.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\npt.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\orbd.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\pack200.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\plugin2\msvcr100.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\policytool.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\prism_common.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\prism_d3d.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\prism_sw.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\resource.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\rmid.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\rmiregistry.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\server\classes.jsa | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\server\jvm.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\server\Xusage.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\servertool.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\splashscreen.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\ssv.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\ssvagent.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\sunec.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\sunmscapi.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\t2k.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\tnameserv.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\unpack.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\unpack200.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\verify.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\w2k_lsa_auth.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\WindowsAccessBridge-64.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\wsdetect.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\bin\zip.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\COPYRIGHT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\accessibility.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\amd64\jvm.cfg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\calendars.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\charsets.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\classlist | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\CIEXYZ.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\GRAY.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\LINEAR_RGB.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\PYCC.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\sRGB.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\content-types.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\currency.data | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\ffjcext.zip | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_de.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_es.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_fr.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_it.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_ja.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_ko.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_pt_BR.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_sv.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_zh_CN.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_zh_HK.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_zh_TW.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\splash.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\splash@2x.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\splash_11-lic.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\splash_11@2x-lic.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\deploy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\access-bridge-64.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\cldrdata.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\dnsns.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\jaccess.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\jfxrt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\localedata.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\meta-index | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\nashorn.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\sunec.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\sunjce_provider.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\sunmscapi.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\sunpkcs11.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\ext\zipfs.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\flavormap.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fontconfig.bfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fontconfig.properties.src | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightDemiBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightDemiItalic.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightItalic.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaSansDemiBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaSansRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaTypewriterBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaTypewriterRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\hijrah-config-umalqura.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\cursors.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\invalid32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_CopyDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_CopyNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_LinkDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_LinkNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_MoveDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_MoveNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\javafx.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\javaws.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\jce.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\jfr\default.jfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\jfr\profile.jfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\jfr.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\jfxswt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\jsse.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\jvm.hprof.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\logging.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\management\jmxremote.access | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\management\jmxremote.password.template | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\management\management.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\management\snmp.acl.template | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\management-agent.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\meta-index | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\net.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\plugin.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\psfont.properties.ja | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\psfontj2d.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\resources.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\rt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\blacklist | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\blacklisted.certs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\cacerts | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\java.policy | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\java.security | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\javaws.policy | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\local_policy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\trusted.libraries | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\security\US_export_policy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\sound.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\tzdb.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\lib\tzmappings | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\LICENSE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\README.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\release | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Java\jre1.8.0_131\Welcome.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\AppXManifest.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\FileSystemMetadata.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\invision-tissue-universe-alliance.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\Office16\OSPP.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\Office16\OSPP.VBS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\Office16\OSPPREARM.EXE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\Office16\SLERROR.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-localization-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-processthreads-l1-1-1.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-synch-l1-2-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-timezone-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-xstate-l2-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-conio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-convert-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-environment-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-filesystem-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-heap-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-locale-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-math-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-multibyte-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-private-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-process-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-runtime-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-stdio-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-string-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-time-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-utility-l1-1-0.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\AppVDllSurrogate32.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\AppVDllSurrogate64.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\AppvIsvStream32.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\AppvIsvStream64.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\AppvIsvSubsystems32.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\AppvIsvSubsystems64.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\AppVLP.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\C2R32.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\C2R64.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\mfc140u.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\msvcp120.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\msvcr120.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\client\ucrtbase.dll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00914_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00965_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01039_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01044_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01060_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01084_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01216_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01218_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01251_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01545_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02122_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02559_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02724_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN03500_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04108_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04117_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04134_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04191_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04195_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04196_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04206_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04225_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04235_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04267_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04269_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04323_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04326_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04332_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04355_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04369_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04384_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04385_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BABY_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00116_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00141_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00146_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00155_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00160_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD05119_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06102_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06200_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07761_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07804_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07831_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08758_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08773_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08808_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08868_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09031_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09194_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09662_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09664_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10890_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10972_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19563_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19582_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19695_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19827_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19828_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19986_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19988_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD20013_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00008_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00012_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00045_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00098_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00105_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00122_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00130_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00148_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00152_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00194_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00195_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00234_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00247_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00248_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00252_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00254_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00261_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00262_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00265_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00267_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00269_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00270_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00273_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00274_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00296_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00390_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00392_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00524_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00525_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00526_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00648_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00921_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00923_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00985_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOAT.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOATINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00076_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00078_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00092_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00100_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00135_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00136_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00145_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00186_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00200_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00224_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00438_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00439_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00440_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00441_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00442_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00443_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00444_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00445_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00453_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01080_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01603_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01634_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01635_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01636_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01638_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01639_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CARBN_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CG1606.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC1.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC2.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLIP.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CMNTY_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANE.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUP.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUPINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00117_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00121_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00234_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00255_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00256_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00261_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00297_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00372_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00405_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00407_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00413_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00414_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00419_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00437_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00448_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00449_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00687_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00705_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01039_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01138_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01139_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01140_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01143_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01145_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01146_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01151_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01152_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01157_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01160_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01162_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01163_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01166_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01167_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01168_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01169_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01170_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01171_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01172_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01176_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01178_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01179_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01180_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01181_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01182_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01183_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01186_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01366_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01434_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01585_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01586_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01628_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01629_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01630_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01631_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01761_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01772_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01793_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EAST_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00010_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00019_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00172_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00006_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00202_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00222_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00319_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00320_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00397_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00902_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EXPLR_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FALL_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Move | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.[evil@cock.lu].EVIL | source_filename = C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml |
|
1 | |
| Write | C:\\$Recycle.Bin\S-1-5-18\desktop.ini | size = 160 |
|
1 | |
| Write | C:\\$Recycle.Bin\S-1-5-21-1462094071-1423818996-289466292-1000\desktop.ini | size = 160 |
|
1 | |
| Write | C:\\Program Files\Common Files\DESIGNER\MSADDNDR.OLB | size = 23264 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll | size = 18656 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll | size = 18656 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll | size = 21216 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll | size = 18656 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll | size = 11648 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll | size = 19680 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll | size = 22752 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll | size = 20704 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll | size = 19680 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll | size = 27872 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll | size = 26848 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll | size = 70880 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll | size = 19680 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll | size = 23264 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll | size = 24800 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll | size = 24800 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll | size = 21216 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll | size = 521536 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe | size = 273216 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml | size = 4160 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.en-us.dll | size = 1019616 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json | size = 64 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ClientTelemetry.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll | size = 333664 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash | size = 128 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\i641033.hash | size = 128 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe | size = 367936 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\mso20win32client.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\mso30win32client.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\mso40uires.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\mso40uiwin32client.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\msointl30.en-us.dll | size = 76000 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\OfficeUpdateSchedule.xml | size = 4800 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml | size = 4480 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll | size = 982752 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll | size = 395616 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE | size = 577760 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms | size = 639168 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll | size = 29920 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE | size = 260320 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini | size = 672 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VC\msdia100.dll | size = 990048 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VC\msdia90.dll | size = 855392 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll | size = 12480 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll | size = 20640 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe | size = 100512 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll | size = 367232 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll | size = 48896 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll | size = 168096 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb | size = 17056 |
|
1 | |
| Write | C:\\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb | size = 22688 |
|
1 | |
| Write | C:\\Program Files\desktop.ini | size = 192 |
|
1 | |
| Write | C:\\Program Files\Internet Explorer\SIGNUP\install.ins | size = 480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\awt.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\bci.dll | size = 16992 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\dcpr.dll | size = 159840 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\decora_sse.dll | size = 86112 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\deploy.dll | size = 586848 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\dtplugin\deployJava1.dll | size = 1025120 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\dtplugin\npdeployJava1.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\dt_shmem.dll | size = 29792 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\dt_socket.dll | size = 24672 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\eula.dll | size = 136288 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\fontmanager.dll | size = 274528 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\fxplugins.dll | size = 186976 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\glass.dll | size = 265824 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\glib-lite.dll | size = 455776 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\gstreamer-lite.dll | size = 619616 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\hprof.dll | size = 158304 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\instrument.dll | size = 123488 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\j2pcsc.dll | size = 19040 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\j2pkcs11.dll | size = 63584 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jaas_nt.dll | size = 21088 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jabswitch.exe | size = 34400 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\java-rmi.exe | size = 15968 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\java.dll | size = 159840 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\java.exe | size = 206944 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\JavaAccessBridge-64.dll | size = 142432 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\javacpl.cpl | size = 186400 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\javacpl.exe | size = 79968 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\javafx_font.dll | size = 69216 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\javafx_font_t2k.dll | size = 538208 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\javafx_iio.dll | size = 128096 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\javaw.exe | size = 206944 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\javaws.exe | size = 318560 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\java_crw_demo.dll | size = 29792 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jawt.dll | size = 14432 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\JAWTAccessBridge-64.dll | size = 15456 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jdwp.dll | size = 201824 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jfr.dll | size = 26720 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jfxmedia.dll | size = 139872 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jfxwebkit.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jjs.exe | size = 15968 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jli.dll | size = 174688 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jp2iexp.dll | size = 295008 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jp2launcher.exe | size = 111712 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jp2native.dll | size = 20064 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll | size = 234592 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jpeg.dll | size = 185440 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jsdt.dll | size = 18528 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jsound.dll | size = 35424 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\jsoundds.dll | size = 31328 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\kcms.dll | size = 220768 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\keytool.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\kinit.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\klist.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\ktab.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\lcms.dll | size = 233568 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\management.dll | size = 36960 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\mlib_image.dll | size = 653920 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\msvcp120.dll | size = 660160 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\msvcr100.dll | size = 829280 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\msvcr120.dll | size = 963264 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\net.dll | size = 96864 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\nio.dll | size = 60512 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\npt.dll | size = 19040 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\orbd.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\pack200.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\plugin2\msvcr100.dll | size = 829280 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll | size = 234080 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\policytool.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\prism_common.dll | size = 57440 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\prism_d3d.dll | size = 130656 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\prism_sw.dll | size = 97888 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\resource.dll | size = 15456 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\rmid.exe | size = 15968 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\rmiregistry.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\server\jvm.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\server\Xusage.txt | size = 1440 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\servertool.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\splashscreen.dll | size = 211040 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\ssv.dll | size = 571488 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\ssvagent.exe | size = 69728 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\sunec.dll | size = 135264 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\sunmscapi.dll | size = 31840 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\t2k.dll | size = 255072 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\tnameserv.exe | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\unpack.dll | size = 79968 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\unpack200.exe | size = 197216 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\verify.dll | size = 49248 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\w2k_lsa_auth.dll | size = 24160 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\WindowsAccessBridge-64.dll | size = 110176 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\wsdetect.dll | size = 192608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\bin\zip.dll | size = 77920 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\COPYRIGHT | size = 3264 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\accessibility.properties | size = 160 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\amd64\jvm.cfg | size = 640 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\calendars.properties | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\charsets.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\classlist | size = 84384 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\CIEXYZ.pf | size = 51264 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\GRAY.pf | size = 640 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\LINEAR_RGB.pf | size = 1056 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\PYCC.pf | size = 274496 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\cmm\sRGB.pf | size = 3168 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\content-types.properties | size = 5568 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\currency.data | size = 4128 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\ffjcext.zip | size = 14176 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages.properties | size = 2880 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_de.properties | size = 3328 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_es.properties | size = 3616 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_fr.properties | size = 3424 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_it.properties | size = 3232 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_ja.properties | size = 6368 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_ko.properties | size = 5728 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_pt_BR.properties | size = 3296 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_sv.properties | size = 3424 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_zh_CN.properties | size = 4096 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_zh_HK.properties | size = 3776 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\messages_zh_TW.properties | size = 3776 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\splash.gif | size = 8608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\splash@2x.gif | size = 15296 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\splash_11-lic.gif | size = 7808 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy\splash_11@2x-lic.gif | size = 12256 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\deploy.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\access-bridge-64.jar | size = 188032 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\cldrdata.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\dnsns.jar | size = 8288 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\jaccess.jar | size = 44544 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\jfxrt.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\localedata.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\meta-index | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\nashorn.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\sunec.jar | size = 42176 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\sunjce_provider.jar | size = 280192 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\sunmscapi.jar | size = 32704 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\sunpkcs11.jar | size = 251328 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\ext\zipfs.jar | size = 68928 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\flavormap.properties | size = 3936 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fontconfig.bfc | size = 3776 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fontconfig.properties.src | size = 10592 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightDemiBold.ttf | size = 75168 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightDemiItalic.ttf | size = 75136 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightItalic.ttf | size = 80864 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaBrightRegular.ttf | size = 344928 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaSansDemiBold.ttf | size = 317920 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaSansRegular.ttf | size = 698240 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaTypewriterBold.ttf | size = 234080 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\fonts\LucidaTypewriterRegular.ttf | size = 242720 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\hijrah-config-umalqura.properties | size = 13984 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\cursors.properties | size = 1312 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\invalid32x32.gif | size = 160 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_CopyDrop32x32.gif | size = 192 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_CopyNoDrop32x32.gif | size = 160 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_LinkDrop32x32.gif | size = 192 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_LinkNoDrop32x32.gif | size = 160 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_MoveDrop32x32.gif | size = 160 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\images\cursors\win32_MoveNoDrop32x32.gif | size = 160 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\javafx.properties | size = 64 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\javaws.jar | size = 940896 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\jce.jar | size = 116448 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\jfr\default.jfc | size = 20128 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\jfr\profile.jfc | size = 20096 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\jfr.jar | size = 560608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\jfxswt.jar | size = 33952 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\jsse.jar | size = 583584 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\jvm.hprof.txt | size = 4256 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\logging.properties | size = 2464 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\management\jmxremote.access | size = 4000 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\management\jmxremote.password.template | size = 2880 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\management\management.properties | size = 14656 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\management\snmp.acl.template | size = 3392 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\management-agent.jar | size = 384 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\meta-index | size = 2144 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\net.properties | size = 4480 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\plugin.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\psfont.properties.ja | size = 2816 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\psfontj2d.properties | size = 10400 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\resources.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\rt.jar | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\security\blacklist | size = 4064 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\security\blacklisted.certs | size = 1280 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\security\cacerts | size = 113504 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\security\java.policy | size = 2496 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\security\java.security | size = 34336 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\security\javaws.policy | size = 128 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\security\local_policy.jar | size = 3552 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\security\US_export_policy.jar | size = 3040 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\sound.properties | size = 1216 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\tzdb.dat | size = 105504 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\lib\tzmappings | size = 8416 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\LICENSE | size = 64 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\README.txt | size = 64 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\release | size = 544 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME-JAVAFX.txt | size = 63936 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\THIRDPARTYLICENSEREADME.txt | size = 177120 |
|
1 | |
| Write | C:\\Program Files\Java\jre1.8.0_131\Welcome.html | size = 960 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\AppXManifest.xml | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\FileSystemMetadata.xml | size = 288 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\Office16\OSPP.HTM | size = 174560 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\Office16\OSPP.VBS | size = 105408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\Office16\OSPPREARM.EXE | size = 221920 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\Office16\SLERROR.XML | size = 36352 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml | size = 388000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml | size = 1888 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml | size = 809312 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml | size = 1600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml | size = 525024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml | size = 253984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml | size = 19584 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml | size = 787424 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml | size = 2368 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml | size = 2368 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml | size = 217568 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml | size = 1312 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml | size = 1536 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml | size = 356800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml | size = 15904 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml | size = 357696 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml | size = 65344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml | size = 1600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml | size = 9440 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml | size = 391520 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml | size = 1600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml | size = 1312 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml | size = 3968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml | size = 1312 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml | size = 1312 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml | size = 549696 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml | size = 3712 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.16.en-us.xml | size = 10016 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml | size = 384 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l1-2-0.dll | size = 18656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-file-l2-1-0.dll | size = 18656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-localization-l1-2-0.dll | size = 21216 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-processthreads-l1-1-1.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-synch-l1-2-0.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-timezone-l1-1-0.dll | size = 18656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-core-xstate-l2-1-0.dll | size = 11648 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-conio-l1-1-0.dll | size = 19680 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-convert-l1-1-0.dll | size = 22752 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-environment-l1-1-0.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-filesystem-l1-1-0.dll | size = 20704 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-heap-l1-1-0.dll | size = 19680 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-locale-l1-1-0.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-math-l1-1-0.dll | size = 27872 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-multibyte-l1-1-0.dll | size = 26848 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-private-l1-1-0.dll | size = 70880 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-process-l1-1-0.dll | size = 19680 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-runtime-l1-1-0.dll | size = 23264 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-stdio-l1-1-0.dll | size = 24800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-string-l1-1-0.dll | size = 24800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-time-l1-1-0.dll | size = 21216 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\api-ms-win-crt-utility-l1-1-0.dll | size = 19168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\AppVDllSurrogate32.exe | size = 196416 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\AppVDllSurrogate64.exe | size = 227648 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\AppVLP.exe | size = 498912 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\mfc140u.dll | size = 1048608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\msvcp120.dll | size = 660160 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\msvcr120.dll | size = 963264 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\client\ucrtbase.dll | size = 982752 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF | size = 9056 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF | size = 7232 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF | size = 14880 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF | size = 6688 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF | size = 3264 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF | size = 8128 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF | size = 7712 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF | size = 11904 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF | size = 544 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF | size = 512 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF | size = 12704 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF | size = 3488 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF | size = 3168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF | size = 12512 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF | size = 5280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF | size = 2624 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF | size = 10624 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF | size = 15328 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF | size = 5344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF | size = 4960 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF | size = 5056 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF | size = 1152 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF | size = 7584 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF | size = 7008 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF | size = 13280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF | size = 8608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF | size = 4896 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF | size = 5376 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF | size = 9280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF | size = 5024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF | size = 4416 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF | size = 3968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF | size = 3392 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF | size = 3136 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF | size = 3040 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF | size = 4736 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF | size = 5696 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF | size = 20608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00914_.WMF | size = 10848 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00932_.WMF | size = 14432 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00965_.WMF | size = 7104 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01039_.WMF | size = 3360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01044_.WMF | size = 1600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01060_.WMF | size = 8000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01084_.WMF | size = 1856 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01173_.WMF | size = 26336 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01174_.WMF | size = 27872 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01184_.WMF | size = 3776 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01216_.WMF | size = 5856 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01218_.WMF | size = 3040 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01251_.WMF | size = 2784 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01545_.WMF | size = 7392 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02122_.WMF | size = 7552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02559_.WMF | size = 6656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02724_.WMF | size = 2112 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN03500_.WMF | size = 9248 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04108_.WMF | size = 2368 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04117_.WMF | size = 6080 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04134_.WMF | size = 3424 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04174_.WMF | size = 2656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04191_.WMF | size = 6656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04195_.WMF | size = 4640 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04196_.WMF | size = 3168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04206_.WMF | size = 7680 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04225_.WMF | size = 8512 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04235_.WMF | size = 7808 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04267_.WMF | size = 7808 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04269_.WMF | size = 2048 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04323_.WMF | size = 2496 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04326_.WMF | size = 3360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04332_.WMF | size = 4320 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04355_.WMF | size = 3232 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04369_.WMF | size = 4832 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04384_.WMF | size = 5024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04385_.WMF | size = 5024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BABY_01.MID | size = 7392 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00116_.WMF | size = 4896 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00141_.WMF | size = 26912 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00146_.WMF | size = 28960 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00155_.WMF | size = 11648 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00160_.WMF | size = 22528 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00173_.WMF | size = 16192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD05119_.WMF | size = 17248 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06102_.WMF | size = 16128 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06200_.WMF | size = 16704 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07761_.WMF | size = 26752 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07804_.WMF | size = 4928 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07831_.WMF | size = 4096 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08758_.WMF | size = 24352 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08773_.WMF | size = 24800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08808_.WMF | size = 48000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08868_.WMF | size = 40224 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09031_.WMF | size = 47808 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09194_.WMF | size = 14560 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09662_.WMF | size = 20576 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09664_.WMF | size = 7968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10890_.GIF | size = 13536 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10972_.GIF | size = 20192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19563_.GIF | size = 20480 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19582_.GIF | size = 15744 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19695_.WMF | size = 12992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19827_.WMF | size = 9728 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19828_.WMF | size = 8800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19986_.WMF | size = 14496 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19988_.WMF | size = 18336 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD20013_.WMF | size = 11072 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00008_.WMF | size = 12544 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00012_.WMF | size = 9824 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00045_.WMF | size = 7872 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00098_.WMF | size = 1024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00105_.WMF | size = 896 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00122_.WMF | size = 10176 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00130_.WMF | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00148_.WMF | size = 1728 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00152_.WMF | size = 1536 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00194_.WMF | size = 4000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00195_.WMF | size = 8096 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00234_.WMF | size = 9312 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00242_.WMF | size = 4032 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00247_.WMF | size = 14464 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00248_.WMF | size = 1568 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00252_.WMF | size = 4736 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00254_.WMF | size = 1760 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00261_.WMF | size = 12512 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00262_.WMF | size = 2560 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00265_.WMF | size = 5760 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00267_.WMF | size = 2656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00269_.WMF | size = 5280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00270_.WMF | size = 3040 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00273_.WMF | size = 3808 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00274_.WMF | size = 4192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00296_.WMF | size = 832 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00390_.WMF | size = 13120 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00392_.WMF | size = 27072 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00524_.WMF | size = 7008 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00525_.WMF | size = 9600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00526_.WMF | size = 27584 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00648_.WMF | size = 11520 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00921_.WMF | size = 4416 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00923_.WMF | size = 6272 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00932_.WMF | size = 19488 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00985_.WMF | size = 3776 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOAT.WMF | size = 3360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOATINST.WMF | size = 29024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00076_.WMF | size = 1344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00078_.WMF | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00092_.WMF | size = 8000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00100_.WMF | size = 2400 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00135_.WMF | size = 1056 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00136_.WMF | size = 2176 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00145_.WMF | size = 1728 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00174_.WMF | size = 8384 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00184_.WMF | size = 4992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00186_.WMF | size = 12800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00200_.WMF | size = 3136 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00224_.WMF | size = 1600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00438_.WMF | size = 1216 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00439_.WMF | size = 2080 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00440_.WMF | size = 5600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00441_.WMF | size = 3552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00442_.WMF | size = 2496 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00443_.WMF | size = 1696 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00444_.WMF | size = 3904 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00445_.WMF | size = 3808 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00453_.WMF | size = 2464 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01080_.WMF | size = 2752 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01603_.WMF | size = 7200 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01634_.WMF | size = 3520 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01635_.WMF | size = 15008 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01636_.WMF | size = 1888 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF | size = 3968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01638_.WMF | size = 10560 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01639_.WMF | size = 4256 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CARBN_01.MID | size = 9344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CG1606.WMF | size = 3584 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC1.WMF | size = 2432 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC2.WMF | size = 2272 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLIP.WMF | size = 2272 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CMNTY_01.MID | size = 6976 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANE.WMF | size = 5280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANINST.WMF | size = 49568 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUP.WMF | size = 2976 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUPINST.WMF | size = 10336 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00117_.WMF | size = 31136 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00121_.WMF | size = 8288 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00234_.WMF | size = 29632 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00255_.WMF | size = 2720 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00256_.WMF | size = 2848 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00261_.WMF | size = 37984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00297_.WMF | size = 40032 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00372_.WMF | size = 800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00405_.WMF | size = 17600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00407_.WMF | size = 7840 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00413_.WMF | size = 43008 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00414_.WMF | size = 42912 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00419_.WMF | size = 736 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00437_.WMF | size = 1952 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00448_.WMF | size = 2976 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00449_.WMF | size = 10016 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00687_.WMF | size = 20800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00705_.WMF | size = 24608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01015_.WMF | size = 2240 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01039_.WMF | size = 14848 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01138_.WMF | size = 3712 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01139_.WMF | size = 3648 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01140_.WMF | size = 3648 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01143_.WMF | size = 2144 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01145_.WMF | size = 2784 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01146_.WMF | size = 2816 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01151_.WMF | size = 2976 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01152_.WMF | size = 2976 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01157_.WMF | size = 3616 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01160_.WMF | size = 2240 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01162_.WMF | size = 2304 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01163_.WMF | size = 2304 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01166_.WMF | size = 2112 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01167_.WMF | size = 2112 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01168_.WMF | size = 2016 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01169_.WMF | size = 2048 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01170_.WMF | size = 2432 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01171_.WMF | size = 2080 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01172_.WMF | size = 2240 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01173_.WMF | size = 1824 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01176_.WMF | size = 1920 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01178_.WMF | size = 3808 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01179_.WMF | size = 2048 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01180_.WMF | size = 2112 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01181_.WMF | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01182_.WMF | size = 3008 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01183_.WMF | size = 2304 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01186_.WMF | size = 8576 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01366_.WMF | size = 1792 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01434_.WMF | size = 928 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01585_.WMF | size = 2528 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01586_.WMF | size = 2336 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01628_.WMF | size = 19072 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01629_.WMF | size = 608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01630_.WMF | size = 320 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01631_.WMF | size = 576 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01761_.WMF | size = 4160 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01772_.WMF | size = 2304 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01793_.WMF | size = 3264 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EAST_01.MID | size = 6176 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00010_.WMF | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00019_.WMF | size = 13056 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00172_.WMF | size = 2720 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00184_.WMF | size = 6976 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00006_.WMF | size = 13952 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00202_.WMF | size = 6944 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00222_.WMF | size = 12384 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00242_.WMF | size = 6784 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00319_.WMF | size = 2304 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00320_.WMF | size = 768 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00397_.WMF | size = 17312 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00902_.WMF | size = 7968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EXPLR_01.MID | size = 10592 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FALL_01.MID | size = 4864 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00074_.WMF | size = 17856 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00076_.WMF | size = 12000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00077_.WMF | size = 30272 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00086_.WMF | size = 29216 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00090_.WMF | size = 14208 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00096_.WMF | size = 37408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00296_.WMF | size = 15872 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00297_.WMF | size = 18208 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00306_.WMF | size = 46816 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00336_.WMF | size = 6080 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00361_.WMF | size = 4096 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00369_.WMF | size = 8576 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00382_.WMF | size = 8448 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00397_.WMF | size = 10848 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00403_.WMF | size = 7904 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00414_.WMF | size = 11008 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00419_.WMF | size = 16416 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00428_.WMF | size = 4800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00435_.WMF | size = 2112 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00438_.WMF | size = 5120 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00455_.WMF | size = 8928 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00459_.WMF | size = 17408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00543_.WMF | size = 1504 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00544_.WMF | size = 5280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00564_.WMF | size = 928 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00586_.WMF | size = 768 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00775_.WMF | size = 11168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00779_.WMF | size = 9024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00799_.WMF | size = 13984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00814_.WMF | size = 42720 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00965_.WMF | size = 15168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01074_.WMF | size = 4640 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01084_.WMF | size = 2432 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01176_.WMF | size = 4992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01191_.WMF | size = 3968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01193_.WMF | size = 1184 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01196_.WMF | size = 2336 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01548_.WMF | size = 10336 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01657_.WMF | size = 30432 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01658_.WMF | size = 17952 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01659_.WMF | size = 31200 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01660_.WMF | size = 12960 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02068_.WMF | size = 2496 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02071_.WMF | size = 2208 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02075_.WMF | size = 4416 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02088_.WMF | size = 3712 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02097_.WMF | size = 1568 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02115_.WMF | size = 4672 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02116_.WMF | size = 4000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02141_.WMF | size = 2656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02153_.WMF | size = 5408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02158_.WMF | size = 1664 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02161_.WMF | size = 3136 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FINCL_01.MID | size = 12992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FINCL_02.MID | size = 9344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FLAP.WMF | size = 2080 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\GRDEN_01.MID | size = 7584 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\GRID_01.MID | size = 6336 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00057_.WMF | size = 3776 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00084_.WMF | size = 2496 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00231_.WMF | size = 2240 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00235_.WMF | size = 1056 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00236_.WMF | size = 3296 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00241_.WMF | size = 1984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00260_.WMF | size = 3680 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00276_.WMF | size = 3040 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00334_.WMF | size = 1536 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00443_.WMF | size = 3328 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00513_.WMF | size = 832 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00524_.WMF | size = 14720 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00526_.WMF | size = 13568 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00527_.WMF | size = 5824 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00546_.WMF | size = 3744 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00601_.WMF | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00602_.WMF | size = 1408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00612_.WMF | size = 12640 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00623_.WMF | size = 10656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00625_.WMF | size = 2144 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00636_.WMF | size = 1600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00669_.WMF | size = 11520 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00681_.WMF | size = 9312 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00685_.WMF | size = 4064 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00687_.WMF | size = 4352 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00688_.WMF | size = 7104 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00693_.WMF | size = 7104 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01013_.WMF | size = 2880 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01015_.WMF | size = 1152 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01058_.WMF | size = 2784 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01065_.WMF | size = 1280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01080_.WMF | size = 5024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01242_.WMF | size = 7360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01291_.WMF | size = 15808 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01329_.WMF | size = 6048 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01461_.WMF | size = 5984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01618_.WMF | size = 7328 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01759_.WMF | size = 5440 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01875_.WMF | size = 2624 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01923_.WMF | size = 26720 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02155_.WMF | size = 2720 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02166_.WMF | size = 1344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02282_.WMF | size = 7936 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02298_.WMF | size = 5568 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02312_.WMF | size = 4992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02313_.WMF | size = 3104 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00005_.WMF | size = 23328 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00114_.WMF | size = 22144 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00116_.WMF | size = 15872 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00172_.WMF | size = 2848 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00426_.WMF | size = 68800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HTECH_01.MID | size = 7200 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00046_.WMF | size = 1184 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00118_.WMF | size = 800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00177_.WMF | size = 1088 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00204_.WMF | size = 1856 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00233_.WMF | size = 11200 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00343_.WMF | size = 1920 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00346_.WMF | size = 704 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00351_.WMF | size = 1952 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00557_.WMF | size = 9184 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00915_.WMF | size = 12768 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00919_.WMF | size = 6944 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00956_.WMF | size = 1280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00957_.WMF | size = 2976 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\INDST_01.MID | size = 8576 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0075478.GIF | size = 1248 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086384.WMF | size = 9760 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086420.WMF | size = 9600 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086424.WMF | size = 17024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086426.WMF | size = 21792 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086428.WMF | size = 35360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086432.WMF | size = 33440 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086478.WMF | size = 14176 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0089945.WMF | size = 19904 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0089992.WMF | size = 15712 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090027.WMF | size = 21280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090087.WMF | size = 46944 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090089.WMF | size = 15776 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090149.WMF | size = 28224 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090390.WMF | size = 17664 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090777.WMF | size = 3360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090779.WMF | size = 1472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090781.WMF | size = 5344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090783.WMF | size = 6944 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0093905.WMF | size = 42080 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0098497.WMF | size = 4992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099145.JPG | size = 24768 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099146.WMF | size = 16608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099147.JPG | size = 24384 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099148.JPG | size = 18272 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099149.WMF | size = 73216 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099150.JPG | size = 21920 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099151.WMF | size = 26112 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099152.JPG | size = 11712 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099153.WMF | size = 13888 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099154.JPG | size = 6944 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099155.JPG | size = 8832 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099156.JPG | size = 13984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099157.JPG | size = 9696 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099158.WMF | size = 26176 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099159.WMF | size = 27552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099160.JPG | size = 15168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099161.JPG | size = 7168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099162.JPG | size = 19680 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099163.WMF | size = 22368 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099164.WMF | size = 21952 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099165.JPG | size = 50496 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099166.JPG | size = 64768 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099167.JPG | size = 43968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099168.JPG | size = 20192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099169.WMF | size = 10208 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099170.WMF | size = 24320 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099171.WMF | size = 8768 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099172.WMF | size = 58272 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099173.WMF | size = 37152 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099174.WMF | size = 6240 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099175.WMF | size = 9760 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099176.WMF | size = 2496 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099177.WMF | size = 5408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099178.WMF | size = 3616 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099179.WMF | size = 9184 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099180.WMF | size = 3424 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099181.WMF | size = 1216 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099182.WMF | size = 3872 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099183.WMF | size = 4960 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099184.WMF | size = 4128 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099185.JPG | size = 3296 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099186.JPG | size = 16768 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099187.JPG | size = 24544 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099188.JPG | size = 9088 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099189.JPG | size = 8096 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099190.JPG | size = 43904 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099191.JPG | size = 62368 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099192.GIF | size = 17984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099193.GIF | size = 35552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099194.GIF | size = 25280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099195.GIF | size = 19936 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099196.GIF | size = 14368 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099197.GIF | size = 10912 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099198.GIF | size = 5280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099199.GIF | size = 33984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099200.GIF | size = 16544 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099201.GIF | size = 51424 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099202.GIF | size = 4992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099203.GIF | size = 3936 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099204.WMF | size = 17856 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099205.WMF | size = 17856 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101856.BMP | size = 78848 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101857.BMP | size = 32192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101858.BMP | size = 32192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101859.BMP | size = 32000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101860.BMP | size = 32192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101861.BMP | size = 32192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101862.BMP | size = 32192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101863.BMP | size = 32192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101864.BMP | size = 32000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101865.BMP | size = 32192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101866.BMP | size = 32192 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101867.BMP | size = 32640 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101980.WMF | size = 16128 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0102002.WMF | size = 16000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0102594.WMF | size = 27008 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0102762.WMF | size = 11232 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0102984.WMF | size = 17056 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103058.WMF | size = 17376 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103262.WMF | size = 12928 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103402.WMF | size = 44960 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103812.WMF | size = 5920 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103850.WMF | size = 23616 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105230.WMF | size = 5184 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105232.WMF | size = 5664 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105234.WMF | size = 3456 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105238.WMF | size = 17184 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105240.WMF | size = 11552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105244.WMF | size = 11232 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105246.WMF | size = 19360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105250.WMF | size = 4640 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105266.WMF | size = 5920 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105272.WMF | size = 17760 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105276.WMF | size = 19264 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105280.WMF | size = 11552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105282.WMF | size = 4800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105286.WMF | size = 6592 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105288.WMF | size = 15840 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105292.WMF | size = 14880 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105294.WMF | size = 5536 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105298.WMF | size = 6336 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105306.WMF | size = 4352 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105320.WMF | size = 2048 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105328.WMF | size = 8000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105332.WMF | size = 10528 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105336.WMF | size = 2912 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105338.WMF | size = 11616 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105348.WMF | size = 17088 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105360.WMF | size = 8864 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105368.WMF | size = 12384 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105376.WMF | size = 4992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105378.WMF | size = 4992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105380.WMF | size = 4640 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105384.WMF | size = 5888 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105386.WMF | size = 5984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105388.WMF | size = 8256 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105390.WMF | size = 4960 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105396.WMF | size = 11040 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105398.WMF | size = 3360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105410.WMF | size = 20448 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105412.WMF | size = 9408 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105414.WMF | size = 6272 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105490.WMF | size = 18752 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105496.WMF | size = 5184 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105502.WMF | size = 5504 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105504.WMF | size = 4160 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105506.WMF | size = 2944 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105520.WMF | size = 31840 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105526.WMF | size = 17344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105530.WMF | size = 7392 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105588.WMF | size = 21568 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105600.WMF | size = 8704 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105638.WMF | size = 10368 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105710.WMF | size = 13824 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105846.WMF | size = 8256 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105912.WMF | size = 11744 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105974.WMF | size = 4640 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106020.WMF | size = 10080 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106124.WMF | size = 5824 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106146.WMF | size = 23552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106208.WMF | size = 11904 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106222.WMF | size = 19616 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106572.WMF | size = 2176 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106816.WMF | size = 3360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106958.WMF | size = 13792 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107024.WMF | size = 3040 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107026.WMF | size = 7648 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107042.WMF | size = 9056 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107090.WMF | size = 14144 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107130.WMF | size = 27104 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107132.WMF | size = 48384 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107134.WMF | size = 48416 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107138.WMF | size = 17216 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107146.WMF | size = 15008 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107148.WMF | size = 20160 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107150.WMF | size = 13472 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107152.WMF | size = 22560 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107154.WMF | size = 22304 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107158.WMF | size = 24928 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107182.WMF | size = 16128 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107188.WMF | size = 4544 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107192.WMF | size = 9984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107254.WMF | size = 20224 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107258.WMF | size = 8576 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107262.WMF | size = 8000 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107264.WMF | size = 5280 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107266.WMF | size = 5888 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107280.WMF | size = 11136 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107282.WMF | size = 14144 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107288.WMF | size = 13440 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107290.WMF | size = 12320 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107300.WMF | size = 2464 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107302.WMF | size = 4160 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107308.WMF | size = 15904 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107314.WMF | size = 10880 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107316.WMF | size = 11296 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107328.WMF | size = 6560 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107342.WMF | size = 4256 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107344.WMF | size = 5088 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107350.WMF | size = 23680 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107358.WMF | size = 7968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107364.WMF | size = 16608 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107426.WMF | size = 11520 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107446.WMF | size = 30368 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107450.WMF | size = 4928 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107452.WMF | size = 21248 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107456.WMF | size = 3744 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107458.WMF | size = 3584 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107468.WMF | size = 9632 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107480.WMF | size = 6048 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107482.WMF | size = 4992 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107484.WMF | size = 3072 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107488.WMF | size = 8032 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107490.WMF | size = 16480 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107492.WMF | size = 6880 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107494.WMF | size = 6432 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107496.WMF | size = 8896 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107500.WMF | size = 4224 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107502.WMF | size = 10848 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107512.WMF | size = 11424 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107514.WMF | size = 12224 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107516.WMF | size = 14016 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107526.WMF | size = 7968 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107528.WMF | size = 6816 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107544.WMF | size = 26784 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107658.WMF | size = 7104 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107708.WMF | size = 4832 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107712.WMF | size = 4640 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107718.WMF | size = 3808 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107722.WMF | size = 8288 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107724.WMF | size = 7040 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107728.WMF | size = 5504 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107730.WMF | size = 3072 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107734.WMF | size = 3168 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107742.WMF | size = 3648 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107744.WMF | size = 5024 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107746.WMF | size = 4800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107748.WMF | size = 8256 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107750.WMF | size = 4736 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0136865.WMF | size = 16736 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0144773.JPG | size = 40256 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145168.JPG | size = 33664 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145212.JPG | size = 61664 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145272.JPG | size = 49248 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145361.JPG | size = 21152 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145373.JPG | size = 17888 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145669.JPG | size = 31872 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145707.JPG | size = 36832 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145810.JPG | size = 36800 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145879.JPG | size = 35424 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145895.JPG | size = 33984 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0145904.JPG | size = 39552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0146142.JPG | size = 46528 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148309.JPG | size = 43680 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148757.JPG | size = 67552 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0148798.JPG | size = 38240 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0149018.JPG | size = 27424 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0149118.JPG | size = 64832 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0150150.WMF | size = 46432 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0150861.WMF | size = 8512 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151041.WMF | size = 4384 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151045.WMF | size = 15488 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151047.WMF | size = 18528 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151055.WMF | size = 14656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151061.WMF | size = 6784 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151063.WMF | size = 10656 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151067.WMF | size = 13216 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151073.WMF | size = 13344 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0151581.WMF | size = 10784 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0152414.WMF | size = 24864 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0152430.WMF | size = 14144 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0152432.WMF | size = 16512 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0152436.WMF | size = 11360 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0152556.WMF | size = 16448 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0152558.WMF | size = 16064 |
|
1 | |
| Write | C:\\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0152560.WMF | size = 10912 |
|
1 | |
|
For performance reasons, the remaining 3005 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Process (60)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | vssadmin delete shadows /all /quiet | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "vmickvpexchange" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "vmicguestinterface" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "vmicshutdown" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "vmicheartbeat" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "vmicrdv" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "storflt" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "vmictimesync" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "vmicvss" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQLFDLauncher" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQLSERVER" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLSERVERAGENT" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLBrowser" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLTELEMETRY" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MsDtsServer130" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SSISTELEMETRY130" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLWriter" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQL$VEEAMSQL2012" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLAgent$VEEAMSQL2012" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQL" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLAgent" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQLServerADHelper100" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQLServerOLAPService" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MsDtsServer100" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "ReportServer" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLTELEMETRY$HL" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "TMBMServer" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQL$PROGID" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQL$WOLTERSKLUWER" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLAgent$PROGID" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLAgent$WOLTERSKLUWER" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQLFDLauncher$OPTIMA" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "MSSQL$OPTIMA" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "SQLAgent$OPTIMA" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "ReportServer$OPTIMA" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "msftesql$SQLEXPRESS" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "postgresql-x64-9.4" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "WRSVC" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "KLIF" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "klpd" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "klflt" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "klbackupdisk" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "klbackupflt" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "klkbdflt" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "klmouflt"" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "klhk" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "KSDE1.0.0" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "kltap" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "TmFilter" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "TMLWCSService" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "tmusa" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "TmPreFilter" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "TMSmartRelayService" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "VSApiNt" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "TmCCSF" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "tmlisten" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "TmProxy" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "ntrtscan" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "ofcservice" | show_window = SW_HIDE |
|
1 | |
| Create | sc delete "UniFi" | show_window = SW_HIDE |
|
1 |
Module (5)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe | base_address = 0x7ff6c01f0000 |
|
1 | |
| Get Handle | c:\windows\system32\kernelbase.dll | base_address = 0x7ffc01360000 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = InitializeConditionVariable, address_out = 0x7ffc03ed87e0 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = SleepConditionVariableCS, address_out = 0x7ffc013c5f30 |
|
1 | |
| Get Address | c:\windows\system32\kernelbase.dll | function = WakeAllConditionVariable, address_out = 0x7ffc03e79a40 |
|
1 |
Process #2: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:18, Reason: Self Terminated |
| Monitor Duration | 00:00:21 |
| Remarks | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb68 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B0
0x
1314
0x
134C
0x
1358
0x
135C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000e59b000000 | 0xe59b000000 | 0xe59b01ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000e59b000000 | 0xe59b000000 | 0xe59b00ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000e59b010000 | 0xe59b010000 | 0xe59b016fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000e59b020000 | 0xe59b020000 | 0xe59b033fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000e59b040000 | 0xe59b040000 | 0xe59b0bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000e59b0c0000 | 0xe59b0c0000 | 0xe59b0c3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000e59b0d0000 | 0xe59b0d0000 | 0xe59b0d0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000e59b0e0000 | 0xe59b0e0000 | 0xe59b0e1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000e59b0f0000 | 0xe59b0f0000 | 0xe59b0f6fff | Private Memory | Readable, Writable |
|
|
|
- |
| vssadmin.exe.mui | 0xe59b100000 | 0xe59b10cfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000e59b110000 | 0xe59b110000 | 0xe59b110fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000e59b120000 | 0xe59b120000 | 0xe59b120fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000e59b130000 | 0xe59b130000 | 0xe59b13ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000e59b140000 | 0xe59b140000 | 0xe59b140fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000e59b150000 | 0xe59b150000 | 0xe59b24ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xe59b250000 | 0xe59b30dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000e59b310000 | 0xe59b310000 | 0xe59b38ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000e59b390000 | 0xe59b390000 | 0xe59b517fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000e59b520000 | 0xe59b520000 | 0xe59b6a0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000e59b6b0000 | 0xe59b6b0000 | 0xe59caaffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000e59cab0000 | 0xe59cab0000 | 0xe59cab0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| sortdefault.nls | 0xe59cac0000 | 0xe59cdf6fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000e59ce00000 | 0xe59ce00000 | 0xe59ce7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffe50000 | 0x7df5ffe50000 | 0x7ff5ffe4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff68a8d0000 | 0x7ff68a8d0000 | 0x7ff68a9cffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff68a9d0000 | 0x7ff68a9d0000 | 0x7ff68a9f2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff68a9f8000 | 0x7ff68a9f8000 | 0x7ff68a9f9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff68a9fa000 | 0x7ff68a9fa000 | 0x7ff68a9fbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff68a9fc000 | 0x7ff68a9fc000 | 0x7ff68a9fdfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff68a9fe000 | 0x7ff68a9fe000 | 0x7ff68a9fefff | Private Memory | Readable, Writable |
|
|
|
- |
| vssadmin.exe | 0x7ff68b6b0000 | 0x7ff68b6d7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| vsstrace.dll | 0x7ffbf9da0000 | 0x7ffbf9db7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| vssapi.dll | 0x7ffbf9dc0000 | 0x7ffbf9f42fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| atl.dll | 0x7ffbfdab0000 | 0x7ffbfdacdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rsaenh.dll | 0x7ffbffdc0000 | 0x7ffbffdf2fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptsp.dll | 0x7ffc00170000 | 0x7ffc00186fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| cryptbase.dll | 0x7ffc002e0000 | 0x7ffc002eafff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| bcrypt.dll | 0x7ffc006c0000 | 0x7ffc006e7fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| bcryptprimitives.dll | 0x7ffc006f0000 | 0x7ffc0075afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel.appcore.dll | 0x7ffc00910000 | 0x7ffc0091efff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| clbcatq.dll | 0x7ffc01540000 | 0x7ffc015e4fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| imm32.dll | 0x7ffc015f0000 | 0x7ffc01625fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| advapi32.dll | 0x7ffc01640000 | 0x7ffc016e5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| combase.dll | 0x7ffc018a0000 | 0x7ffc01b1bfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| user32.dll | 0x7ffc01f00000 | 0x7ffc0204dfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| nsi.dll | 0x7ffc02050000 | 0x7ffc02057fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msctf.dll | 0x7ffc02160000 | 0x7ffc022bbfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| gdi32.dll | 0x7ffc037f0000 | 0x7ffc03974fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ws2_32.dll | 0x7ffc03980000 | 0x7ffc039e8fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| shlwapi.dll | 0x7ffc03a50000 | 0x7ffc03aa0fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| oleaut32.dll | 0x7ffc03d00000 | 0x7ffc03dbdfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Process #4: sc.exe
7
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "vmickvpexchange" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:18, Reason: Self Terminated |
| Monitor Duration | 00:00:21 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8d4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
4D0
0x
1220
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000008e19e70000 | 0x8e19e70000 | 0x8e19e8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000008e19e70000 | 0x8e19e70000 | 0x8e19e7ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000008e19e80000 | 0x8e19e80000 | 0x8e19e86fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000008e19e90000 | 0x8e19e90000 | 0x8e19ea3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000008e19eb0000 | 0x8e19eb0000 | 0x8e19f2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000008e19f30000 | 0x8e19f30000 | 0x8e19f33fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000008e19f40000 | 0x8e19f40000 | 0x8e19f40fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000008e19f50000 | 0x8e19f50000 | 0x8e19f51fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x8e19f60000 | 0x8e1a01dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000008e1a020000 | 0x8e1a020000 | 0x8e1a09ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000008e1a0a0000 | 0x8e1a0a0000 | 0x8e1a0a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x8e1a0b0000 | 0x8e1a0c1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000008e1a110000 | 0x8e1a110000 | 0x8e1a20ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000008e1a280000 | 0x8e1a280000 | 0x8e1a28ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff490000 | 0x7df5ff490000 | 0x7ff5ff48ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a530000 | 0x7ff67a530000 | 0x7ff67a62ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a630000 | 0x7ff67a630000 | 0x7ff67a652fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a658000 | 0x7ff67a658000 | 0x7ff67a658fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a65c000 | 0x7ff67a65c000 | 0x7ff67a65dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a65e000 | 0x7ff67a65e000 | 0x7ff67a65ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = vmickvpexchange |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #5: sc.exe
7
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "vmicguestinterface" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:18, Reason: Self Terminated |
| Monitor Duration | 00:00:21 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xafc |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A38
0x
1104
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000005e92280000 | 0x5e92280000 | 0x5e9229ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000005e92280000 | 0x5e92280000 | 0x5e9228ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000005e92290000 | 0x5e92290000 | 0x5e92296fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000005e922a0000 | 0x5e922a0000 | 0x5e922b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000005e922c0000 | 0x5e922c0000 | 0x5e9233ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000005e92340000 | 0x5e92340000 | 0x5e92343fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000005e92350000 | 0x5e92350000 | 0x5e92350fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000005e92360000 | 0x5e92360000 | 0x5e92361fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000005e92370000 | 0x5e92370000 | 0x5e92376fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000005e92380000 | 0x5e92380000 | 0x5e9247ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x5e92480000 | 0x5e9253dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000005e92540000 | 0x5e92540000 | 0x5e925bffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x5e925c0000 | 0x5e925d1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000005e92640000 | 0x5e92640000 | 0x5e9264ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff540000 | 0x7df5ff540000 | 0x7ff5ff53ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a360000 | 0x7ff67a360000 | 0x7ff67a45ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a460000 | 0x7ff67a460000 | 0x7ff67a482fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a48b000 | 0x7ff67a48b000 | 0x7ff67a48cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a48d000 | 0x7ff67a48d000 | 0x7ff67a48efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a48f000 | 0x7ff67a48f000 | 0x7ff67a48ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = vmicguestinterface |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #6: sc.exe
7
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "vmicshutdown" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4cc |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
158
0x
1148
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000ed8e170000 | 0xed8e170000 | 0xed8e18ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ed8e170000 | 0xed8e170000 | 0xed8e17ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ed8e180000 | 0xed8e180000 | 0xed8e186fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ed8e190000 | 0xed8e190000 | 0xed8e1a3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000ed8e1b0000 | 0xed8e1b0000 | 0xed8e22ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ed8e230000 | 0xed8e230000 | 0xed8e233fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000ed8e240000 | 0xed8e240000 | 0xed8e240fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000ed8e250000 | 0xed8e250000 | 0xed8e251fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ed8e260000 | 0xed8e260000 | 0xed8e2dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ed8e2e0000 | 0xed8e2e0000 | 0xed8e3dffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xed8e3e0000 | 0xed8e49dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000ed8e4a0000 | 0xed8e4a0000 | 0xed8e4a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xed8e4b0000 | 0xed8e4c1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000ed8e620000 | 0xed8e620000 | 0xed8e62ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5fffd0000 | 0x7df5fffd0000 | 0x7ff5fffcffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679e70000 | 0x7ff679e70000 | 0x7ff679f6ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff679f70000 | 0x7ff679f70000 | 0x7ff679f92fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff679f9b000 | 0x7ff679f9b000 | 0x7ff679f9cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679f9d000 | 0x7ff679f9d000 | 0x7ff679f9efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679f9f000 | 0x7ff679f9f000 | 0x7ff679f9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = vmicshutdown |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #7: sc.exe
7
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "vmicheartbeat" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb0c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BF8
0x
11DC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000a36db10000 | 0xa36db10000 | 0xa36db2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a36db10000 | 0xa36db10000 | 0xa36db1ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a36db20000 | 0xa36db20000 | 0xa36db26fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a36db30000 | 0xa36db30000 | 0xa36db43fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000a36db50000 | 0xa36db50000 | 0xa36dbcffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a36dbd0000 | 0xa36dbd0000 | 0xa36dbd3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000a36dbe0000 | 0xa36dbe0000 | 0xa36dbe0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000a36dbf0000 | 0xa36dbf0000 | 0xa36dbf1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xa36dc00000 | 0xa36dcbdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000a36dcc0000 | 0xa36dcc0000 | 0xa36dd3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a36dd40000 | 0xa36dd40000 | 0xa36dd46fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a36dd50000 | 0xa36dd50000 | 0xa36de4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xa36de50000 | 0xa36de61fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000a36df90000 | 0xa36df90000 | 0xa36df9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff3c0000 | 0x7df5ff3c0000 | 0x7ff5ff3bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a610000 | 0x7ff67a610000 | 0x7ff67a70ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a710000 | 0x7ff67a710000 | 0x7ff67a732fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a73b000 | 0x7ff67a73b000 | 0x7ff67a73cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a73d000 | 0x7ff67a73d000 | 0x7ff67a73dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a73e000 | 0x7ff67a73e000 | 0x7ff67a73ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = vmicheartbeat |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #8: sc.exe
7
0
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "vmicrdv" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:20, Reason: Self Terminated |
| Monitor Duration | 00:00:23 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb34 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B40
0x
1174
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000007a2c1a0000 | 0x7a2c1a0000 | 0x7a2c1bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000007a2c1a0000 | 0x7a2c1a0000 | 0x7a2c1affff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000007a2c1b0000 | 0x7a2c1b0000 | 0x7a2c1b6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000007a2c1c0000 | 0x7a2c1c0000 | 0x7a2c1d3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000007a2c1e0000 | 0x7a2c1e0000 | 0x7a2c25ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000007a2c260000 | 0x7a2c260000 | 0x7a2c263fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000007a2c270000 | 0x7a2c270000 | 0x7a2c270fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000007a2c280000 | 0x7a2c280000 | 0x7a2c281fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x7a2c290000 | 0x7a2c34dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007a2c350000 | 0x7a2c350000 | 0x7a2c356fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x7a2c360000 | 0x7a2c371fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007a2c3b0000 | 0x7a2c3b0000 | 0x7a2c4affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000007a2c4b0000 | 0x7a2c4b0000 | 0x7a2c52ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000007a2c610000 | 0x7a2c610000 | 0x7a2c61ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffc30000 | 0x7df5ffc30000 | 0x7ff5ffc2ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a9a0000 | 0x7ff67a9a0000 | 0x7ff67aa9ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67aaa0000 | 0x7ff67aaa0000 | 0x7ff67aac2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67aac4000 | 0x7ff67aac4000 | 0x7ff67aac4fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aacc000 | 0x7ff67aacc000 | 0x7ff67aacdfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aace000 | 0x7ff67aace000 | 0x7ff67aacffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = vmicrdv |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #9: sc.exe
7
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "storflt" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:20, Reason: Self Terminated |
| Monitor Duration | 00:00:23 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb64 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
5C0
0x
1150
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000001e2fe20000 | 0x1e2fe20000 | 0x1e2fe3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000001e2fe20000 | 0x1e2fe20000 | 0x1e2fe2ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000001e2fe30000 | 0x1e2fe30000 | 0x1e2fe36fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000001e2fe40000 | 0x1e2fe40000 | 0x1e2fe53fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000001e2fe60000 | 0x1e2fe60000 | 0x1e2fedffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000001e2fee0000 | 0x1e2fee0000 | 0x1e2fee3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000001e2fef0000 | 0x1e2fef0000 | 0x1e2fef0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000001e2ff00000 | 0x1e2ff00000 | 0x1e2ff01fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000001e2ff10000 | 0x1e2ff10000 | 0x1e2ff16fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x1e2ff20000 | 0x1e2ff31fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000001e2ff50000 | 0x1e2ff50000 | 0x1e3004ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x1e30050000 | 0x1e3010dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000001e30110000 | 0x1e30110000 | 0x1e3018ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000001e302a0000 | 0x1e302a0000 | 0x1e302affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffc30000 | 0x7df5ffc30000 | 0x7ff5ffc2ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67ab80000 | 0x7ff67ab80000 | 0x7ff67ac7ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ac80000 | 0x7ff67ac80000 | 0x7ff67aca2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67acab000 | 0x7ff67acab000 | 0x7ff67acacfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67acad000 | 0x7ff67acad000 | 0x7ff67acaefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67acaf000 | 0x7ff67acaf000 | 0x7ff67acaffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = storflt |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #10: sc.exe
7
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "vmictimesync" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:19, Reason: Self Terminated |
| Monitor Duration | 00:00:22 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbd4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
770
0x
1184
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000cb45a60000 | 0xcb45a60000 | 0xcb45a7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000cb45a60000 | 0xcb45a60000 | 0xcb45a6ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000cb45a70000 | 0xcb45a70000 | 0xcb45a76fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000cb45a80000 | 0xcb45a80000 | 0xcb45a93fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000cb45aa0000 | 0xcb45aa0000 | 0xcb45b1ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000cb45b20000 | 0xcb45b20000 | 0xcb45b23fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000cb45b30000 | 0xcb45b30000 | 0xcb45b30fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000cb45b40000 | 0xcb45b40000 | 0xcb45b41fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000cb45b50000 | 0xcb45b50000 | 0xcb45b56fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000cb45b70000 | 0xcb45b70000 | 0xcb45c6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xcb45c70000 | 0xcb45d2dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000cb45d30000 | 0xcb45d30000 | 0xcb45daffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xcb45db0000 | 0xcb45dc1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000cb45f50000 | 0xcb45f50000 | 0xcb45f5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff8e0000 | 0x7df5ff8e0000 | 0x7ff5ff8dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67aba0000 | 0x7ff67aba0000 | 0x7ff67ac9ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67aca0000 | 0x7ff67aca0000 | 0x7ff67acc2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67accb000 | 0x7ff67accb000 | 0x7ff67accbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67accc000 | 0x7ff67accc000 | 0x7ff67accdfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67acce000 | 0x7ff67acce000 | 0x7ff67accffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = vmictimesync |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #11: sc.exe
7
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "vmicvss" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:20, Reason: Self Terminated |
| Monitor Duration | 00:00:23 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x758 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7C8
0x
10F0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000049c5090000 | 0x49c5090000 | 0x49c50affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000049c5090000 | 0x49c5090000 | 0x49c509ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000049c50a0000 | 0x49c50a0000 | 0x49c50a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000049c50b0000 | 0x49c50b0000 | 0x49c50c3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000049c50d0000 | 0x49c50d0000 | 0x49c514ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000049c5150000 | 0x49c5150000 | 0x49c5153fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000049c5160000 | 0x49c5160000 | 0x49c5160fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000049c5170000 | 0x49c5170000 | 0x49c5171fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x49c5180000 | 0x49c523dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000049c5240000 | 0x49c5240000 | 0x49c52bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000049c52c0000 | 0x49c52c0000 | 0x49c52c6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x49c52d0000 | 0x49c52e1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000049c5320000 | 0x49c5320000 | 0x49c541ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000049c5520000 | 0x49c5520000 | 0x49c552ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff7c0000 | 0x7df5ff7c0000 | 0x7ff5ff7bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67abc0000 | 0x7ff67abc0000 | 0x7ff67acbffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67acc0000 | 0x7ff67acc0000 | 0x7ff67ace2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67ace8000 | 0x7ff67ace8000 | 0x7ff67ace8fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67acec000 | 0x7ff67acec000 | 0x7ff67acedfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67acee000 | 0x7ff67acee000 | 0x7ff67aceffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 28 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Delete | service_name = vmicvss |
|
1 | |
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #12: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQLFDLauncher" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:20, Reason: Self Terminated |
| Monitor Duration | 00:00:23 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa34 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
278
0x
12C8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000b0b06f0000 | 0xb0b06f0000 | 0xb0b070ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000b0b06f0000 | 0xb0b06f0000 | 0xb0b06fffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000b0b0700000 | 0xb0b0700000 | 0xb0b0706fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000b0b0710000 | 0xb0b0710000 | 0xb0b0723fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000b0b0730000 | 0xb0b0730000 | 0xb0b07affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000b0b07b0000 | 0xb0b07b0000 | 0xb0b07b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000b0b07c0000 | 0xb0b07c0000 | 0xb0b07c0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000b0b07d0000 | 0xb0b07d0000 | 0xb0b07d1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xb0b07e0000 | 0xb0b089dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000b0b08a0000 | 0xb0b08a0000 | 0xb0b08a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000b0b08c0000 | 0xb0b08c0000 | 0xb0b09bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000b0b09c0000 | 0xb0b09c0000 | 0xb0b0a3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xb0b0a40000 | 0xb0b0a51fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000b0b0af0000 | 0xb0b0af0000 | 0xb0b0afffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xb0b0b00000 | 0xb0b0bdefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffcb0000 | 0x7df5ffcb0000 | 0x7ff5ffcaffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a350000 | 0x7ff67a350000 | 0x7ff67a44ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a450000 | 0x7ff67a450000 | 0x7ff67a472fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a478000 | 0x7ff67a478000 | 0x7ff67a478fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a47c000 | 0x7ff67a47c000 | 0x7ff67a47dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a47e000 | 0x7ff67a47e000 | 0x7ff67a47ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #13: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQLSERVER" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x82c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B58
0x
1204
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000ad39d90000 | 0xad39d90000 | 0xad39daffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ad39d90000 | 0xad39d90000 | 0xad39d9ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ad39da0000 | 0xad39da0000 | 0xad39da6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ad39db0000 | 0xad39db0000 | 0xad39dc3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000ad39dd0000 | 0xad39dd0000 | 0xad39e4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ad39e50000 | 0xad39e50000 | 0xad39e53fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000ad39e60000 | 0xad39e60000 | 0xad39e60fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000ad39e70000 | 0xad39e70000 | 0xad39e71fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ad39e80000 | 0xad39e80000 | 0xad39e86fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xad39e90000 | 0xad39ea1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000ad39ec0000 | 0xad39ec0000 | 0xad39fbffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xad39fc0000 | 0xad3a07dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000ad3a080000 | 0xad3a080000 | 0xad3a0fffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xad3a100000 | 0xad3a1defff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000ad3a200000 | 0xad3a200000 | 0xad3a20ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffa70000 | 0x7df5ffa70000 | 0x7ff5ffa6ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a880000 | 0x7ff67a880000 | 0x7ff67a97ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a980000 | 0x7ff67a980000 | 0x7ff67a9a2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a9aa000 | 0x7ff67a9aa000 | 0x7ff67a9aafff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a9ac000 | 0x7ff67a9ac000 | 0x7ff67a9adfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a9ae000 | 0x7ff67a9ae000 | 0x7ff67a9affff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #14: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLSERVERAGENT" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x518 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
244
0x
11A8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000071e3140000 | 0x71e3140000 | 0x71e315ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000071e3140000 | 0x71e3140000 | 0x71e314ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000071e3150000 | 0x71e3150000 | 0x71e3156fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000071e3160000 | 0x71e3160000 | 0x71e3173fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000071e3180000 | 0x71e3180000 | 0x71e31fffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000071e3200000 | 0x71e3200000 | 0x71e3203fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000071e3210000 | 0x71e3210000 | 0x71e3210fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000071e3220000 | 0x71e3220000 | 0x71e3221fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000071e3230000 | 0x71e3230000 | 0x71e3236fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x71e3240000 | 0x71e3251fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000071e32a0000 | 0x71e32a0000 | 0x71e339ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x71e33a0000 | 0x71e345dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000071e3460000 | 0x71e3460000 | 0x71e34dffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x71e34e0000 | 0x71e35befff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000071e3610000 | 0x71e3610000 | 0x71e361ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff2e0000 | 0x7df5ff2e0000 | 0x7ff5ff2dffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679db0000 | 0x7ff679db0000 | 0x7ff679eaffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff679eb0000 | 0x7ff679eb0000 | 0x7ff679ed2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff679edb000 | 0x7ff679edb000 | 0x7ff679edcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679edd000 | 0x7ff679edd000 | 0x7ff679edefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679edf000 | 0x7ff679edf000 | 0x7ff679edffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #15: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLBrowser" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaf8 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
778
0x
10E0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000003f73150000 | 0x3f73150000 | 0x3f7316ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000003f73150000 | 0x3f73150000 | 0x3f7315ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000003f73160000 | 0x3f73160000 | 0x3f73166fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000003f73170000 | 0x3f73170000 | 0x3f73183fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000003f73190000 | 0x3f73190000 | 0x3f7320ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000003f73210000 | 0x3f73210000 | 0x3f73213fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000003f73220000 | 0x3f73220000 | 0x3f73220fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000003f73230000 | 0x3f73230000 | 0x3f73231fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x3f73240000 | 0x3f732fdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000003f73300000 | 0x3f73300000 | 0x3f73306fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000003f73320000 | 0x3f73320000 | 0x3f7341ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000003f73420000 | 0x3f73420000 | 0x3f7349ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x3f734a0000 | 0x3f7357efff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0x3f73580000 | 0x3f73591fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000003f735c0000 | 0x3f735c0000 | 0x3f735cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffe60000 | 0x7df5ffe60000 | 0x7ff5ffe5ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a5b0000 | 0x7ff67a5b0000 | 0x7ff67a6affff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a6b0000 | 0x7ff67a6b0000 | 0x7ff67a6d2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a6db000 | 0x7ff67a6db000 | 0x7ff67a6dcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a6dd000 | 0x7ff67a6dd000 | 0x7ff67a6defff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a6df000 | 0x7ff67a6df000 | 0x7ff67a6dffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #16: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLTELEMETRY" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:16, Reason: Self Terminated |
| Monitor Duration | 00:00:19 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x38c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
544
0x
11CC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000000545160000 | 0x545160000 | 0x54517ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000545160000 | 0x545160000 | 0x54516ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000545170000 | 0x545170000 | 0x545176fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000545180000 | 0x545180000 | 0x545193fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000005451a0000 | 0x5451a0000 | 0x54521ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000545220000 | 0x545220000 | 0x545223fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000545230000 | 0x545230000 | 0x545230fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000545240000 | 0x545240000 | 0x545241fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x545250000 | 0x54530dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000545310000 | 0x545310000 | 0x545316fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x545320000 | 0x545331fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000545340000 | 0x545340000 | 0x54543ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000545440000 | 0x545440000 | 0x5454bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000545580000 | 0x545580000 | 0x54558ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x545590000 | 0x54566efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffa30000 | 0x7df5ffa30000 | 0x7ff5ffa2ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67aa20000 | 0x7ff67aa20000 | 0x7ff67ab1ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ab20000 | 0x7ff67ab20000 | 0x7ff67ab42fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67ab4b000 | 0x7ff67ab4b000 | 0x7ff67ab4cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ab4d000 | 0x7ff67ab4d000 | 0x7ff67ab4efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ab4f000 | 0x7ff67ab4f000 | 0x7ff67ab4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #17: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MsDtsServer130" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x274 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
774
0x
1228
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000bcfaa00000 | 0xbcfaa00000 | 0xbcfaa1ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000bcfaa00000 | 0xbcfaa00000 | 0xbcfaa0ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000bcfaa10000 | 0xbcfaa10000 | 0xbcfaa16fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000bcfaa20000 | 0xbcfaa20000 | 0xbcfaa33fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000bcfaa40000 | 0xbcfaa40000 | 0xbcfaabffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000bcfaac0000 | 0xbcfaac0000 | 0xbcfaac3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000bcfaad0000 | 0xbcfaad0000 | 0xbcfaad0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000bcfaae0000 | 0xbcfaae0000 | 0xbcfaae1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000bcfaaf0000 | 0xbcfaaf0000 | 0xbcfab6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000bcfab70000 | 0xbcfab70000 | 0xbcfab76fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000bcfab80000 | 0xbcfab80000 | 0xbcfac7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xbcfac80000 | 0xbcfad3dfff | Memory Mapped File | Readable |
|
|
|
- |
| kernelbase.dll.mui | 0xbcfad40000 | 0xbcfae1efff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0xbcfae20000 | 0xbcfae31fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000bcfaf20000 | 0xbcfaf20000 | 0xbcfaf2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5fff50000 | 0x7df5fff50000 | 0x7ff5fff4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a230000 | 0x7ff67a230000 | 0x7ff67a32ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a330000 | 0x7ff67a330000 | 0x7ff67a352fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a35a000 | 0x7ff67a35a000 | 0x7ff67a35bfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a35c000 | 0x7ff67a35c000 | 0x7ff67a35cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a35e000 | 0x7ff67a35e000 | 0x7ff67a35ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #18: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SSISTELEMETRY130" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:01:21, Reason: Self Terminated |
| Monitor Duration | 00:00:24 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6c4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
468
0x
1224
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000081f5580000 | 0x81f5580000 | 0x81f559ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000081f5580000 | 0x81f5580000 | 0x81f558ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000081f5590000 | 0x81f5590000 | 0x81f5596fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000081f55a0000 | 0x81f55a0000 | 0x81f55b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000081f55c0000 | 0x81f55c0000 | 0x81f563ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000081f5640000 | 0x81f5640000 | 0x81f5643fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000081f5650000 | 0x81f5650000 | 0x81f5650fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000081f5660000 | 0x81f5660000 | 0x81f5661fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x81f5670000 | 0x81f572dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000081f5730000 | 0x81f5730000 | 0x81f57affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000081f57b0000 | 0x81f57b0000 | 0x81f57b6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x81f57c0000 | 0x81f57d1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000081f5860000 | 0x81f5860000 | 0x81f595ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x81f5960000 | 0x81f5a3efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000081f5a40000 | 0x81f5a40000 | 0x81f5a4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff150000 | 0x7df5ff150000 | 0x7ff5ff14ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67aa90000 | 0x7ff67aa90000 | 0x7ff67ab8ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ab90000 | 0x7ff67ab90000 | 0x7ff67abb2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67abb6000 | 0x7ff67abb6000 | 0x7ff67abb6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67abbc000 | 0x7ff67abbc000 | 0x7ff67abbdfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67abbe000 | 0x7ff67abbe000 | 0x7ff67abbffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #19: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLWriter" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:54 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbc4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
620
0x
10FC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000b37e7c0000 | 0xb37e7c0000 | 0xb37e7dffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000b37e7c0000 | 0xb37e7c0000 | 0xb37e7cffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000b37e7d0000 | 0xb37e7d0000 | 0xb37e7d6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000b37e7e0000 | 0xb37e7e0000 | 0xb37e7f3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000b37e800000 | 0xb37e800000 | 0xb37e87ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000b37e880000 | 0xb37e880000 | 0xb37e883fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000b37e890000 | 0xb37e890000 | 0xb37e890fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000b37e8a0000 | 0xb37e8a0000 | 0xb37e8a1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xb37e8b0000 | 0xb37e96dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000b37e970000 | 0xb37e970000 | 0xb37e976fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xb37e980000 | 0xb37e991fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000b37e9b0000 | 0xb37e9b0000 | 0xb37eaaffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000b37eab0000 | 0xb37eab0000 | 0xb37eb2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xb37eb30000 | 0xb37ec0efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000b37ed00000 | 0xb37ed00000 | 0xb37ed0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff100000 | 0x7df5ff100000 | 0x7ff5ff0fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a7e0000 | 0x7ff67a7e0000 | 0x7ff67a8dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a8e0000 | 0x7ff67a8e0000 | 0x7ff67a902fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a90b000 | 0x7ff67a90b000 | 0x7ff67a90bfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a90c000 | 0x7ff67a90c000 | 0x7ff67a90dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a90e000 | 0x7ff67a90e000 | 0x7ff67a90ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #20: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #20 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQL$VEEAMSQL2012" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:54 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x6c8 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
298
0x
126C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000000e19ae0000 | 0xe19ae0000 | 0xe19afffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000e19ae0000 | 0xe19ae0000 | 0xe19aeffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000e19af0000 | 0xe19af0000 | 0xe19af6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000e19b00000 | 0xe19b00000 | 0xe19b13fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000e19b20000 | 0xe19b20000 | 0xe19b9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000e19ba0000 | 0xe19ba0000 | 0xe19ba3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000e19bb0000 | 0xe19bb0000 | 0xe19bb0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000e19bc0000 | 0xe19bc0000 | 0xe19bc1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xe19bd0000 | 0xe19c8dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000e19c90000 | 0xe19c90000 | 0xe19d0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000e19d10000 | 0xe19d10000 | 0xe19d16fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000e19d20000 | 0xe19d20000 | 0xe19e1ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xe19e20000 | 0xe19efefff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0xe19f00000 | 0xe19f11fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000e19ff0000 | 0xe19ff0000 | 0xe19ffffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff550000 | 0x7df5ff550000 | 0x7ff5ff54ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67ab40000 | 0x7ff67ab40000 | 0x7ff67ac3ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ac40000 | 0x7ff67ac40000 | 0x7ff67ac62fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67ac67000 | 0x7ff67ac67000 | 0x7ff67ac67fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ac6c000 | 0x7ff67ac6c000 | 0x7ff67ac6dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ac6e000 | 0x7ff67ac6e000 | 0x7ff67ac6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #37: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLAgent$VEEAMSQL2012" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xcfc |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D00
0x
12FC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000007435aa0000 | 0x7435aa0000 | 0x7435abffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000007435aa0000 | 0x7435aa0000 | 0x7435aaffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000007435ab0000 | 0x7435ab0000 | 0x7435ab6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000007435ac0000 | 0x7435ac0000 | 0x7435ad3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000007435ae0000 | 0x7435ae0000 | 0x7435b5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000007435b60000 | 0x7435b60000 | 0x7435b63fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000007435b70000 | 0x7435b70000 | 0x7435b70fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000007435b80000 | 0x7435b80000 | 0x7435b81fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000007435b90000 | 0x7435b90000 | 0x7435b96fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x7435ba0000 | 0x7435bb1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007435be0000 | 0x7435be0000 | 0x7435cdffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x7435ce0000 | 0x7435d9dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007435da0000 | 0x7435da0000 | 0x7435e1ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x7435e20000 | 0x7435efefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007435fa0000 | 0x7435fa0000 | 0x7435faffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff1d0000 | 0x7df5ff1d0000 | 0x7ff5ff1cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679ec0000 | 0x7ff679ec0000 | 0x7ff679fbffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff679fc0000 | 0x7ff679fc0000 | 0x7ff679fe2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff679feb000 | 0x7ff679feb000 | 0x7ff679fecfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679fed000 | 0x7ff679fed000 | 0x7ff679fedfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679fee000 | 0x7ff679fee000 | 0x7ff679feffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #38: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQL" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd04 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D08
0x
1260
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000675c1b0000 | 0x675c1b0000 | 0x675c1cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000675c1b0000 | 0x675c1b0000 | 0x675c1bffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000675c1c0000 | 0x675c1c0000 | 0x675c1c6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000675c1d0000 | 0x675c1d0000 | 0x675c1e3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000675c1f0000 | 0x675c1f0000 | 0x675c26ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000675c270000 | 0x675c270000 | 0x675c273fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000675c280000 | 0x675c280000 | 0x675c280fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000675c290000 | 0x675c290000 | 0x675c291fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x675c2a0000 | 0x675c35dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000675c360000 | 0x675c360000 | 0x675c366fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x675c370000 | 0x675c381fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000675c3c0000 | 0x675c3c0000 | 0x675c4bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000675c4c0000 | 0x675c4c0000 | 0x675c53ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x675c540000 | 0x675c61efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000675c670000 | 0x675c670000 | 0x675c67ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff4d0000 | 0x7df5ff4d0000 | 0x7ff5ff4cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a9b0000 | 0x7ff67a9b0000 | 0x7ff67aaaffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67aab0000 | 0x7ff67aab0000 | 0x7ff67aad2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67aadb000 | 0x7ff67aadb000 | 0x7ff67aadcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aadd000 | 0x7ff67aadd000 | 0x7ff67aadefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aadf000 | 0x7ff67aadf000 | 0x7ff67aadffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #39: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLAgent" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd0c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D10
0x
1304
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000722bc00000 | 0x722bc00000 | 0x722bc1ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000722bc00000 | 0x722bc00000 | 0x722bc0ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000722bc10000 | 0x722bc10000 | 0x722bc16fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000722bc20000 | 0x722bc20000 | 0x722bc33fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000722bc40000 | 0x722bc40000 | 0x722bcbffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000722bcc0000 | 0x722bcc0000 | 0x722bcc3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000722bcd0000 | 0x722bcd0000 | 0x722bcd0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000722bce0000 | 0x722bce0000 | 0x722bce1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000722bcf0000 | 0x722bcf0000 | 0x722bcf6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x722bd00000 | 0x722bd11fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000722bd30000 | 0x722bd30000 | 0x722be2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x722be30000 | 0x722beedfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000722bef0000 | 0x722bef0000 | 0x722bf6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x722bf70000 | 0x722c04efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000722c140000 | 0x722c140000 | 0x722c14ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffd00000 | 0x7df5ffd00000 | 0x7ff5ffcfffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a120000 | 0x7ff67a120000 | 0x7ff67a21ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a220000 | 0x7ff67a220000 | 0x7ff67a242fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a24b000 | 0x7ff67a24b000 | 0x7ff67a24cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a24d000 | 0x7ff67a24d000 | 0x7ff67a24efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a24f000 | 0x7ff67a24f000 | 0x7ff67a24ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #40: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQLServerADHelper100" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd14 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D18
0x
1300
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000fc42110000 | 0xfc42110000 | 0xfc4212ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fc42110000 | 0xfc42110000 | 0xfc4211ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000fc42120000 | 0xfc42120000 | 0xfc42126fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fc42130000 | 0xfc42130000 | 0xfc42143fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000fc42150000 | 0xfc42150000 | 0xfc421cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fc421d0000 | 0xfc421d0000 | 0xfc421d3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000fc421e0000 | 0xfc421e0000 | 0xfc421e0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000fc421f0000 | 0xfc421f0000 | 0xfc421f1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xfc42200000 | 0xfc422bdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000fc422c0000 | 0xfc422c0000 | 0xfc422c6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000fc422d0000 | 0xfc422d0000 | 0xfc423cffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000fc423d0000 | 0xfc423d0000 | 0xfc4244ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xfc42450000 | 0xfc4252efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000fc42540000 | 0xfc42540000 | 0xfc4254ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xfc42550000 | 0xfc42561fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff060000 | 0x7df5ff060000 | 0x7ff5ff05ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679ed0000 | 0x7ff679ed0000 | 0x7ff679fcffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff679fd0000 | 0x7ff679fd0000 | 0x7ff679ff2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff679ffb000 | 0x7ff679ffb000 | 0x7ff679ffcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679ffd000 | 0x7ff679ffd000 | 0x7ff679ffefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679fff000 | 0x7ff679fff000 | 0x7ff679ffffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #41: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #41 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQLServerOLAPService" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd1c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D20
0x
1308
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000008402e70000 | 0x8402e70000 | 0x8402e8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000008402e70000 | 0x8402e70000 | 0x8402e7ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000008402e80000 | 0x8402e80000 | 0x8402e86fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000008402e90000 | 0x8402e90000 | 0x8402ea3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000008402eb0000 | 0x8402eb0000 | 0x8402f2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000008402f30000 | 0x8402f30000 | 0x8402f33fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000008402f40000 | 0x8402f40000 | 0x8402f40fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000008402f50000 | 0x8402f50000 | 0x8402f51fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x8402f60000 | 0x840301dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000008403020000 | 0x8403020000 | 0x840309ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084030a0000 | 0x84030a0000 | 0x84030a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084030c0000 | 0x84030c0000 | 0x84031bffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x84031c0000 | 0x84031d1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000084031f0000 | 0x84031f0000 | 0x84031fffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x8403200000 | 0x84032defff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff680000 | 0x7df5ff680000 | 0x7ff5ff67ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a480000 | 0x7ff67a480000 | 0x7ff67a57ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a580000 | 0x7ff67a580000 | 0x7ff67a5a2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a5a8000 | 0x7ff67a5a8000 | 0x7ff67a5a8fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a5ac000 | 0x7ff67a5ac000 | 0x7ff67a5adfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a5ae000 | 0x7ff67a5ae000 | 0x7ff67a5affff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #42: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #42 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MsDtsServer100" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd24 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D28
0x
130C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000053fc8f0000 | 0x53fc8f0000 | 0x53fc90ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000053fc8f0000 | 0x53fc8f0000 | 0x53fc8fffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000053fc900000 | 0x53fc900000 | 0x53fc90ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000053fc910000 | 0x53fc910000 | 0x53fc923fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000053fc930000 | 0x53fc930000 | 0x53fc9affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000053fc9b0000 | 0x53fc9b0000 | 0x53fc9b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000053fc9c0000 | 0x53fc9c0000 | 0x53fc9c0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000053fc9d0000 | 0x53fc9d0000 | 0x53fc9d1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000053fc9e0000 | 0x53fc9e0000 | 0x53fca5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000053fca60000 | 0x53fca60000 | 0x53fca66fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000053fca70000 | 0x53fca70000 | 0x53fca76fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000053fca90000 | 0x53fca90000 | 0x53fcb8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x53fcb90000 | 0x53fcc4dfff | Memory Mapped File | Readable |
|
|
|
- |
| kernelbase.dll.mui | 0x53fcc50000 | 0x53fcd2efff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0x53fcd30000 | 0x53fcd41fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff5c0000 | 0x7df5ff5c0000 | 0x7ff5ff5bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679dc0000 | 0x7ff679dc0000 | 0x7ff679ebffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff679ec0000 | 0x7ff679ec0000 | 0x7ff679ee2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff679eea000 | 0x7ff679eea000 | 0x7ff679eebfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679eec000 | 0x7ff679eec000 | 0x7ff679eedfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679eee000 | 0x7ff679eee000 | 0x7ff679eeefff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #43: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #43 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "ReportServer" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd2c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D30
0x
1310
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000002ab8220000 | 0x2ab8220000 | 0x2ab823ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000002ab8220000 | 0x2ab8220000 | 0x2ab822ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000002ab8230000 | 0x2ab8230000 | 0x2ab8236fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000002ab8240000 | 0x2ab8240000 | 0x2ab8253fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000002ab8260000 | 0x2ab8260000 | 0x2ab82dffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000002ab82e0000 | 0x2ab82e0000 | 0x2ab82e3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000002ab82f0000 | 0x2ab82f0000 | 0x2ab82f0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000002ab8300000 | 0x2ab8300000 | 0x2ab8301fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x2ab8310000 | 0x2ab83cdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000002ab83d0000 | 0x2ab83d0000 | 0x2ab844ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000002ab8450000 | 0x2ab8450000 | 0x2ab8456fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000002ab8460000 | 0x2ab8460000 | 0x2ab855ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x2ab8560000 | 0x2ab8571fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000002ab8600000 | 0x2ab8600000 | 0x2ab860ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x2ab8610000 | 0x2ab86eefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffdd0000 | 0x7df5ffdd0000 | 0x7ff5ffdcffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a910000 | 0x7ff67a910000 | 0x7ff67aa0ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67aa10000 | 0x7ff67aa10000 | 0x7ff67aa32fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67aa3b000 | 0x7ff67aa3b000 | 0x7ff67aa3cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aa3d000 | 0x7ff67aa3d000 | 0x7ff67aa3dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aa3e000 | 0x7ff67aa3e000 | 0x7ff67aa3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #44: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLTELEMETRY$HL" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd34 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D38
0x
1384
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000077546f0000 | 0x77546f0000 | 0x775470ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000077546f0000 | 0x77546f0000 | 0x77546fffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000007754700000 | 0x7754700000 | 0x7754706fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000007754710000 | 0x7754710000 | 0x7754723fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000007754730000 | 0x7754730000 | 0x77547affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000077547b0000 | 0x77547b0000 | 0x77547b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000077547c0000 | 0x77547c0000 | 0x77547c0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000077547d0000 | 0x77547d0000 | 0x77547d1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000077547e0000 | 0x77547e0000 | 0x775485ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000007754860000 | 0x7754860000 | 0x775495ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x7754960000 | 0x7754a1dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007754a20000 | 0x7754a20000 | 0x7754a26fff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x7754a30000 | 0x7754b0efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007754b20000 | 0x7754b20000 | 0x7754b2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x7754b30000 | 0x7754b41fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff440000 | 0x7df5ff440000 | 0x7ff5ff43ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679ff0000 | 0x7ff679ff0000 | 0x7ff67a0effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a0f0000 | 0x7ff67a0f0000 | 0x7ff67a112fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a11a000 | 0x7ff67a11a000 | 0x7ff67a11afff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a11c000 | 0x7ff67a11c000 | 0x7ff67a11dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a11e000 | 0x7ff67a11e000 | 0x7ff67a11ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #45: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #45 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "TMBMServer" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd3c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D40
0x
1248
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000077e8d20000 | 0x77e8d20000 | 0x77e8d3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000077e8d20000 | 0x77e8d20000 | 0x77e8d2ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000077e8d30000 | 0x77e8d30000 | 0x77e8d36fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000077e8d40000 | 0x77e8d40000 | 0x77e8d53fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000077e8d60000 | 0x77e8d60000 | 0x77e8ddffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000077e8de0000 | 0x77e8de0000 | 0x77e8de3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000077e8df0000 | 0x77e8df0000 | 0x77e8df0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000077e8e00000 | 0x77e8e00000 | 0x77e8e01fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x77e8e10000 | 0x77e8ecdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000077e8ed0000 | 0x77e8ed0000 | 0x77e8f4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000077e8f50000 | 0x77e8f50000 | 0x77e8f56fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x77e8f60000 | 0x77e8f71fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000077e8fb0000 | 0x77e8fb0000 | 0x77e90affff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x77e90b0000 | 0x77e918efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000077e9190000 | 0x77e9190000 | 0x77e919ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff100000 | 0x7df5ff100000 | 0x7ff5ff0fffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a6e0000 | 0x7ff67a6e0000 | 0x7ff67a7dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a7e0000 | 0x7ff67a7e0000 | 0x7ff67a802fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a804000 | 0x7ff67a804000 | 0x7ff67a804fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a80c000 | 0x7ff67a80c000 | 0x7ff67a80dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a80e000 | 0x7ff67a80e000 | 0x7ff67a80ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #46: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #46 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQL$PROGID" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd44 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D48
0x
12A8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000071f37f0000 | 0x71f37f0000 | 0x71f380ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000071f37f0000 | 0x71f37f0000 | 0x71f37fffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000071f3800000 | 0x71f3800000 | 0x71f3806fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000071f3810000 | 0x71f3810000 | 0x71f3823fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000071f3830000 | 0x71f3830000 | 0x71f38affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000071f38b0000 | 0x71f38b0000 | 0x71f38b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000071f38c0000 | 0x71f38c0000 | 0x71f38c0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000071f38d0000 | 0x71f38d0000 | 0x71f38d1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x71f38e0000 | 0x71f399dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000071f39a0000 | 0x71f39a0000 | 0x71f39a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x71f39b0000 | 0x71f39c1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000071f39e0000 | 0x71f39e0000 | 0x71f3adffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000071f3ae0000 | 0x71f3ae0000 | 0x71f3b5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000071f3c00000 | 0x71f3c00000 | 0x71f3c0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x71f3c10000 | 0x71f3ceefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff040000 | 0x7df5ff040000 | 0x7ff5ff03ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a6b0000 | 0x7ff67a6b0000 | 0x7ff67a7affff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a7b0000 | 0x7ff67a7b0000 | 0x7ff67a7d2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a7db000 | 0x7ff67a7db000 | 0x7ff67a7dcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a7dd000 | 0x7ff67a7dd000 | 0x7ff67a7defff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a7df000 | 0x7ff67a7df000 | 0x7ff67a7dffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #47: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #47 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQL$WOLTERSKLUWER" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd4c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D50
0x
12F8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000e8ffa70000 | 0xe8ffa70000 | 0xe8ffa8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000e8ffa70000 | 0xe8ffa70000 | 0xe8ffa7ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000e8ffa80000 | 0xe8ffa80000 | 0xe8ffa86fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000e8ffa90000 | 0xe8ffa90000 | 0xe8ffaa3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000e8ffab0000 | 0xe8ffab0000 | 0xe8ffb2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000e8ffb30000 | 0xe8ffb30000 | 0xe8ffb33fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000e8ffb40000 | 0xe8ffb40000 | 0xe8ffb40fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000e8ffb50000 | 0xe8ffb50000 | 0xe8ffb51fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xe8ffb60000 | 0xe8ffc1dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000e8ffc20000 | 0xe8ffc20000 | 0xe8ffc26fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xe8ffc30000 | 0xe8ffc41fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000e8ffc90000 | 0xe8ffc90000 | 0xe8ffd8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000e8ffd90000 | 0xe8ffd90000 | 0xe8ffe0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000e8ffed0000 | 0xe8ffed0000 | 0xe8ffedffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xe8ffee0000 | 0xe8fffbefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff590000 | 0x7df5ff590000 | 0x7ff5ff58ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a8e0000 | 0x7ff67a8e0000 | 0x7ff67a9dffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a9e0000 | 0x7ff67a9e0000 | 0x7ff67aa02fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67aa08000 | 0x7ff67aa08000 | 0x7ff67aa08fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aa0c000 | 0x7ff67aa0c000 | 0x7ff67aa0dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aa0e000 | 0x7ff67aa0e000 | 0x7ff67aa0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #48: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #48 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLAgent$PROGID" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd54 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D58
0x
12E8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000009b64cf0000 | 0x9b64cf0000 | 0x9b64d0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000009b64cf0000 | 0x9b64cf0000 | 0x9b64cfffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000009b64d00000 | 0x9b64d00000 | 0x9b64d06fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000009b64d10000 | 0x9b64d10000 | 0x9b64d23fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000009b64d30000 | 0x9b64d30000 | 0x9b64daffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000009b64db0000 | 0x9b64db0000 | 0x9b64db3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000009b64dc0000 | 0x9b64dc0000 | 0x9b64dc0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000009b64dd0000 | 0x9b64dd0000 | 0x9b64dd1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000009b64de0000 | 0x9b64de0000 | 0x9b64de6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x9b64df0000 | 0x9b64e01fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000009b64e10000 | 0x9b64e10000 | 0x9b64f0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x9b64f10000 | 0x9b64fcdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000009b64fd0000 | 0x9b64fd0000 | 0x9b6504ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x9b65050000 | 0x9b6512efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000009b65130000 | 0x9b65130000 | 0x9b6513ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffba0000 | 0x7df5ffba0000 | 0x7ff5ffb9ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a7f0000 | 0x7ff67a7f0000 | 0x7ff67a8effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a8f0000 | 0x7ff67a8f0000 | 0x7ff67a912fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a91b000 | 0x7ff67a91b000 | 0x7ff67a91cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a91d000 | 0x7ff67a91d000 | 0x7ff67a91efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a91f000 | 0x7ff67a91f000 | 0x7ff67a91ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #49: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #49 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLAgent$WOLTERSKLUWER" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd5c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D60
0x
1230
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000084bad10000 | 0x84bad10000 | 0x84bad2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084bad10000 | 0x84bad10000 | 0x84bad1ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084bad20000 | 0x84bad20000 | 0x84bad26fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084bad30000 | 0x84bad30000 | 0x84bad43fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000084bad50000 | 0x84bad50000 | 0x84badcffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000084badd0000 | 0x84badd0000 | 0x84badd3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000084bade0000 | 0x84bade0000 | 0x84bade0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000084badf0000 | 0x84badf0000 | 0x84badf1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x84bae00000 | 0x84baebdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000084baec0000 | 0x84baec0000 | 0x84baf3ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084baf40000 | 0x84baf40000 | 0x84baf46fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x84baf50000 | 0x84baf61fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000084bafb0000 | 0x84bafb0000 | 0x84bb0affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000084bb150000 | 0x84bb150000 | 0x84bb15ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x84bb160000 | 0x84bb23efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff860000 | 0x7df5ff860000 | 0x7ff5ff85ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a270000 | 0x7ff67a270000 | 0x7ff67a36ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a370000 | 0x7ff67a370000 | 0x7ff67a392fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a39b000 | 0x7ff67a39b000 | 0x7ff67a39cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a39d000 | 0x7ff67a39d000 | 0x7ff67a39efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a39f000 | 0x7ff67a39f000 | 0x7ff67a39ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #50: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #50 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQLFDLauncher$OPTIMA" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd64 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D68
0x
1258
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000005ad7090000 | 0x5ad7090000 | 0x5ad70affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000005ad7090000 | 0x5ad7090000 | 0x5ad709ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000005ad70a0000 | 0x5ad70a0000 | 0x5ad70a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000005ad70b0000 | 0x5ad70b0000 | 0x5ad70c3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000005ad70d0000 | 0x5ad70d0000 | 0x5ad714ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000005ad7150000 | 0x5ad7150000 | 0x5ad7153fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000005ad7160000 | 0x5ad7160000 | 0x5ad7160fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000005ad7170000 | 0x5ad7170000 | 0x5ad7171fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000005ad7180000 | 0x5ad7180000 | 0x5ad71fffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000005ad7200000 | 0x5ad7200000 | 0x5ad72fffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x5ad7300000 | 0x5ad73bdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000005ad73c0000 | 0x5ad73c0000 | 0x5ad73c6fff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x5ad73d0000 | 0x5ad74aefff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0x5ad74b0000 | 0x5ad74c1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000005ad7520000 | 0x5ad7520000 | 0x5ad752ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff160000 | 0x7df5ff160000 | 0x7ff5ff15ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67ac90000 | 0x7ff67ac90000 | 0x7ff67ad8ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ad90000 | 0x7ff67ad90000 | 0x7ff67adb2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67adb6000 | 0x7ff67adb6000 | 0x7ff67adb6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67adbc000 | 0x7ff67adbc000 | 0x7ff67adbdfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67adbe000 | 0x7ff67adbe000 | 0x7ff67adbffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #51: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #51 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "MSSQL$OPTIMA" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd6c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D70
0x
12E0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000c886ee0000 | 0xc886ee0000 | 0xc886efffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000c886ee0000 | 0xc886ee0000 | 0xc886eeffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000c886ef0000 | 0xc886ef0000 | 0xc886ef6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000c886f00000 | 0xc886f00000 | 0xc886f13fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000c886f20000 | 0xc886f20000 | 0xc886f9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000c886fa0000 | 0xc886fa0000 | 0xc886fa3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000c886fb0000 | 0xc886fb0000 | 0xc886fb0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000c886fc0000 | 0xc886fc0000 | 0xc886fc1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xc886fd0000 | 0xc88708dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000c887090000 | 0xc887090000 | 0xc88710ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000c887110000 | 0xc887110000 | 0xc887116fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000c887120000 | 0xc887120000 | 0xc88721ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xc887220000 | 0xc887231fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000c887250000 | 0xc887250000 | 0xc88725ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xc887260000 | 0xc88733efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffdb0000 | 0x7df5ffdb0000 | 0x7ff5ffdaffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a000000 | 0x7ff67a000000 | 0x7ff67a0fffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a100000 | 0x7ff67a100000 | 0x7ff67a122fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a12b000 | 0x7ff67a12b000 | 0x7ff67a12cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a12d000 | 0x7ff67a12d000 | 0x7ff67a12efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a12f000 | 0x7ff67a12f000 | 0x7ff67a12ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #52: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #52 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "SQLAgent$OPTIMA" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd74 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D78
0x
1250
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000006047f50000 | 0x6047f50000 | 0x6047f6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000006047f50000 | 0x6047f50000 | 0x6047f5ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000006047f60000 | 0x6047f60000 | 0x6047f66fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000006047f70000 | 0x6047f70000 | 0x6047f83fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000006047f90000 | 0x6047f90000 | 0x604800ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000006048010000 | 0x6048010000 | 0x6048013fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000006048020000 | 0x6048020000 | 0x6048020fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000006048030000 | 0x6048030000 | 0x6048031fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x6048040000 | 0x60480fdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000006048100000 | 0x6048100000 | 0x6048106fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000006048120000 | 0x6048120000 | 0x604821ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000006048220000 | 0x6048220000 | 0x604829ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x60482a0000 | 0x60482b1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000006048320000 | 0x6048320000 | 0x604832ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x6048330000 | 0x604840efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff340000 | 0x7df5ff340000 | 0x7ff5ff33ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679f00000 | 0x7ff679f00000 | 0x7ff679ffffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a000000 | 0x7ff67a000000 | 0x7ff67a022fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a024000 | 0x7ff67a024000 | 0x7ff67a024fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a02c000 | 0x7ff67a02c000 | 0x7ff67a02dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a02e000 | 0x7ff67a02e000 | 0x7ff67a02ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #53: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #53 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "ReportServer$OPTIMA" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd7c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D80
0x
12E4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000031e9bb0000 | 0x31e9bb0000 | 0x31e9bcffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000031e9bb0000 | 0x31e9bb0000 | 0x31e9bbffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000031e9bc0000 | 0x31e9bc0000 | 0x31e9bc6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000031e9bd0000 | 0x31e9bd0000 | 0x31e9be3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000031e9bf0000 | 0x31e9bf0000 | 0x31e9c6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000031e9c70000 | 0x31e9c70000 | 0x31e9c73fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000031e9c80000 | 0x31e9c80000 | 0x31e9c80fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000031e9c90000 | 0x31e9c90000 | 0x31e9c91fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000031e9ca0000 | 0x31e9ca0000 | 0x31e9ca6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000031e9cc0000 | 0x31e9cc0000 | 0x31e9dbffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x31e9dc0000 | 0x31e9e7dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000031e9e80000 | 0x31e9e80000 | 0x31e9efffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x31e9f00000 | 0x31e9f11fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000031e9f40000 | 0x31e9f40000 | 0x31e9f4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x31e9f50000 | 0x31ea02efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff290000 | 0x7df5ff290000 | 0x7ff5ff28ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67aaa0000 | 0x7ff67aaa0000 | 0x7ff67ab9ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67aba0000 | 0x7ff67aba0000 | 0x7ff67abc2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67abcb000 | 0x7ff67abcb000 | 0x7ff67abccfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67abcd000 | 0x7ff67abcd000 | 0x7ff67abcefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67abcf000 | 0x7ff67abcf000 | 0x7ff67abcffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #54: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #54 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "msftesql$SQLEXPRESS" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd84 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D88
0x
1350
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000001863530000 | 0x1863530000 | 0x186354ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000001863530000 | 0x1863530000 | 0x186353ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000001863540000 | 0x1863540000 | 0x1863546fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000001863550000 | 0x1863550000 | 0x1863563fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000001863570000 | 0x1863570000 | 0x18635effff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000018635f0000 | 0x18635f0000 | 0x18635f3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000001863600000 | 0x1863600000 | 0x1863600fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000001863610000 | 0x1863610000 | 0x1863611fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x1863620000 | 0x18636ddfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000018636e0000 | 0x18636e0000 | 0x186375ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000001863760000 | 0x1863760000 | 0x1863766fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x1863770000 | 0x1863781fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000018637f0000 | 0x18637f0000 | 0x18638effff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x18638f0000 | 0x18639cefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000001863a50000 | 0x1863a50000 | 0x1863a5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff450000 | 0x7df5ff450000 | 0x7ff5ff44ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67aa90000 | 0x7ff67aa90000 | 0x7ff67ab8ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ab90000 | 0x7ff67ab90000 | 0x7ff67abb2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67abb9000 | 0x7ff67abb9000 | 0x7ff67abb9fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67abbc000 | 0x7ff67abbc000 | 0x7ff67abbdfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67abbe000 | 0x7ff67abbe000 | 0x7ff67abbffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #55: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #55 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "postgresql-x64-9.4" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd8c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D90
0x
1380
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000f876e50000 | 0xf876e50000 | 0xf876e6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000f876e50000 | 0xf876e50000 | 0xf876e5ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000f876e60000 | 0xf876e60000 | 0xf876e66fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000f876e70000 | 0xf876e70000 | 0xf876e83fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000f876e90000 | 0xf876e90000 | 0xf876f0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000f876f10000 | 0xf876f10000 | 0xf876f13fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000f876f20000 | 0xf876f20000 | 0xf876f20fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000f876f30000 | 0xf876f30000 | 0xf876f31fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xf876f40000 | 0xf876ffdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000f877000000 | 0xf877000000 | 0xf87707ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000f877080000 | 0xf877080000 | 0xf877086fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xf877090000 | 0xf8770a1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000f8770b0000 | 0xf8770b0000 | 0xf8770bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000f877100000 | 0xf877100000 | 0xf8771fffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xf877200000 | 0xf8772defff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff740000 | 0x7df5ff740000 | 0x7ff5ff73ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a7a0000 | 0x7ff67a7a0000 | 0x7ff67a89ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a8a0000 | 0x7ff67a8a0000 | 0x7ff67a8c2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a8cb000 | 0x7ff67a8cb000 | 0x7ff67a8cbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a8cc000 | 0x7ff67a8cc000 | 0x7ff67a8cdfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a8ce000 | 0x7ff67a8ce000 | 0x7ff67a8cffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #56: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #56 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "WRSVC" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd94 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
D98
0x
1348
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000077dc9e0000 | 0x77dc9e0000 | 0x77dc9fffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000077dc9e0000 | 0x77dc9e0000 | 0x77dc9effff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000077dc9f0000 | 0x77dc9f0000 | 0x77dc9f6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000077dca00000 | 0x77dca00000 | 0x77dca13fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000077dca20000 | 0x77dca20000 | 0x77dca9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000077dcaa0000 | 0x77dcaa0000 | 0x77dcaa3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000077dcab0000 | 0x77dcab0000 | 0x77dcab0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000077dcac0000 | 0x77dcac0000 | 0x77dcac1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x77dcad0000 | 0x77dcb8dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000077dcb90000 | 0x77dcb90000 | 0x77dcc0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000077dcc10000 | 0x77dcc10000 | 0x77dcc16fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000077dcc30000 | 0x77dcc30000 | 0x77dcd2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x77dcd30000 | 0x77dcd41fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000077dcd60000 | 0x77dcd60000 | 0x77dcd6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x77dcd70000 | 0x77dce4efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffdb0000 | 0x7df5ffdb0000 | 0x7ff5ffdaffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a300000 | 0x7ff67a300000 | 0x7ff67a3fffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a400000 | 0x7ff67a400000 | 0x7ff67a422fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a42b000 | 0x7ff67a42b000 | 0x7ff67a42cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a42d000 | 0x7ff67a42d000 | 0x7ff67a42efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a42f000 | 0x7ff67a42f000 | 0x7ff67a42ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #57: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #57 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "KLIF" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd9c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DA0
0x
1344
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000fabf170000 | 0xfabf170000 | 0xfabf18ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fabf170000 | 0xfabf170000 | 0xfabf17ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000fabf180000 | 0xfabf180000 | 0xfabf186fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fabf190000 | 0xfabf190000 | 0xfabf1a3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000fabf1b0000 | 0xfabf1b0000 | 0xfabf22ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fabf230000 | 0xfabf230000 | 0xfabf233fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000fabf240000 | 0xfabf240000 | 0xfabf240fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000fabf250000 | 0xfabf250000 | 0xfabf251fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000fabf260000 | 0xfabf260000 | 0xfabf266fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xfabf270000 | 0xfabf281fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000fabf290000 | 0xfabf290000 | 0xfabf38ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xfabf390000 | 0xfabf44dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000fabf450000 | 0xfabf450000 | 0xfabf4cffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xfabf4d0000 | 0xfabf5aefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000fabf5b0000 | 0xfabf5b0000 | 0xfabf5bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffa20000 | 0x7df5ffa20000 | 0x7ff5ffa1ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a820000 | 0x7ff67a820000 | 0x7ff67a91ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a920000 | 0x7ff67a920000 | 0x7ff67a942fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a94b000 | 0x7ff67a94b000 | 0x7ff67a94bfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a94c000 | 0x7ff67a94c000 | 0x7ff67a94dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a94e000 | 0x7ff67a94e000 | 0x7ff67a94ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #58: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #58 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "klpd" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xda4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DA8
0x
1388
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000089ee450000 | 0x89ee450000 | 0x89ee46ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000089ee450000 | 0x89ee450000 | 0x89ee45ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000089ee460000 | 0x89ee460000 | 0x89ee466fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000089ee470000 | 0x89ee470000 | 0x89ee483fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000089ee490000 | 0x89ee490000 | 0x89ee50ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000089ee510000 | 0x89ee510000 | 0x89ee513fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000089ee520000 | 0x89ee520000 | 0x89ee520fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000089ee530000 | 0x89ee530000 | 0x89ee531fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000089ee540000 | 0x89ee540000 | 0x89ee5bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000089ee5c0000 | 0x89ee5c0000 | 0x89ee6bffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x89ee6c0000 | 0x89ee77dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000089ee780000 | 0x89ee780000 | 0x89ee786fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x89ee790000 | 0x89ee7a1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000089ee7d0000 | 0x89ee7d0000 | 0x89ee7dffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x89ee7e0000 | 0x89ee8befff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff920000 | 0x7df5ff920000 | 0x7ff5ff91ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a940000 | 0x7ff67a940000 | 0x7ff67aa3ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67aa40000 | 0x7ff67aa40000 | 0x7ff67aa62fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67aa68000 | 0x7ff67aa68000 | 0x7ff67aa68fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aa6c000 | 0x7ff67aa6c000 | 0x7ff67aa6dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aa6e000 | 0x7ff67aa6e000 | 0x7ff67aa6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #59: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #59 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "klflt" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdac |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DB0
0x
1374
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000008abf10000 | 0x8abf10000 | 0x8abf2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000008abf10000 | 0x8abf10000 | 0x8abf1ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000008abf20000 | 0x8abf20000 | 0x8abf26fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000008abf30000 | 0x8abf30000 | 0x8abf43fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000008abf50000 | 0x8abf50000 | 0x8abfcffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000008abfd0000 | 0x8abfd0000 | 0x8abfd3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000008abfe0000 | 0x8abfe0000 | 0x8abfe0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000008abff0000 | 0x8abff0000 | 0x8abff1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x8ac000000 | 0x8ac0bdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000008ac0c0000 | 0x8ac0c0000 | 0x8ac13ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000008ac140000 | 0x8ac140000 | 0x8ac146fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x8ac150000 | 0x8ac161fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000008ac1b0000 | 0x8ac1b0000 | 0x8ac1bffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000008ac1e0000 | 0x8ac1e0000 | 0x8ac2dffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x8ac2e0000 | 0x8ac3befff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff5b0000 | 0x7df5ff5b0000 | 0x7ff5ff5affff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a500000 | 0x7ff67a500000 | 0x7ff67a5fffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a600000 | 0x7ff67a600000 | 0x7ff67a622fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a625000 | 0x7ff67a625000 | 0x7ff67a625fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a62c000 | 0x7ff67a62c000 | 0x7ff67a62dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a62e000 | 0x7ff67a62e000 | 0x7ff67a62ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #60: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #60 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "klbackupdisk" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdb4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DB8
0x
137C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000a71a640000 | 0xa71a640000 | 0xa71a65ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a71a640000 | 0xa71a640000 | 0xa71a64ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a71a650000 | 0xa71a650000 | 0xa71a656fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a71a660000 | 0xa71a660000 | 0xa71a673fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000a71a680000 | 0xa71a680000 | 0xa71a6fffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a71a700000 | 0xa71a700000 | 0xa71a703fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000a71a710000 | 0xa71a710000 | 0xa71a710fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000a71a720000 | 0xa71a720000 | 0xa71a721fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xa71a730000 | 0xa71a7edfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000a71a7f0000 | 0xa71a7f0000 | 0xa71a7f6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xa71a800000 | 0xa71a811fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000a71a820000 | 0xa71a820000 | 0xa71a91ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a71a920000 | 0xa71a920000 | 0xa71a99ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a71aa50000 | 0xa71aa50000 | 0xa71aa5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xa71aa60000 | 0xa71ab3efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff0c0000 | 0x7df5ff0c0000 | 0x7ff5ff0bffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a040000 | 0x7ff67a040000 | 0x7ff67a13ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a140000 | 0x7ff67a140000 | 0x7ff67a162fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a165000 | 0x7ff67a165000 | 0x7ff67a165fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a16c000 | 0x7ff67a16c000 | 0x7ff67a16dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a16e000 | 0x7ff67a16e000 | 0x7ff67a16ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #61: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #61 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "klbackupflt" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdbc |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DC0
0x
12DC
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000002f91e30000 | 0x2f91e30000 | 0x2f91e4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000002f91e30000 | 0x2f91e30000 | 0x2f91e3ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000002f91e40000 | 0x2f91e40000 | 0x2f91e46fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000002f91e50000 | 0x2f91e50000 | 0x2f91e63fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000002f91e70000 | 0x2f91e70000 | 0x2f91eeffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000002f91ef0000 | 0x2f91ef0000 | 0x2f91ef3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000002f91f00000 | 0x2f91f00000 | 0x2f91f00fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000002f91f10000 | 0x2f91f10000 | 0x2f91f11fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x2f91f20000 | 0x2f91fddfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000002f91fe0000 | 0x2f91fe0000 | 0x2f920dffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000002f920e0000 | 0x2f920e0000 | 0x2f9215ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000002f92160000 | 0x2f92160000 | 0x2f92166fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000002f92180000 | 0x2f92180000 | 0x2f9218ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x2f92190000 | 0x2f9226efff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0x2f92270000 | 0x2f92281fff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffbd0000 | 0x7df5ffbd0000 | 0x7ff5ffbcffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679e80000 | 0x7ff679e80000 | 0x7ff679f7ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff679f80000 | 0x7ff679f80000 | 0x7ff679fa2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff679fab000 | 0x7ff679fab000 | 0x7ff679facfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679fad000 | 0x7ff679fad000 | 0x7ff679faefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679faf000 | 0x7ff679faf000 | 0x7ff679faffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #62: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #62 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "klkbdflt" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdc4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DC8
0x
12D0
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000000d9f090000 | 0xd9f090000 | 0xd9f0affff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000d9f090000 | 0xd9f090000 | 0xd9f09ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000d9f0a0000 | 0xd9f0a0000 | 0xd9f0a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000d9f0b0000 | 0xd9f0b0000 | 0xd9f0c3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000d9f0d0000 | 0xd9f0d0000 | 0xd9f14ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000000d9f150000 | 0xd9f150000 | 0xd9f153fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000000d9f160000 | 0xd9f160000 | 0xd9f160fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000000d9f170000 | 0xd9f170000 | 0xd9f171fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xd9f180000 | 0xd9f23dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000d9f240000 | 0xd9f240000 | 0xd9f246fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xd9f250000 | 0xd9f261fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000d9f2a0000 | 0xd9f2a0000 | 0xd9f39ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000000d9f3a0000 | 0xd9f3a0000 | 0xd9f41ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xd9f420000 | 0xd9f4fefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000000d9f540000 | 0xd9f540000 | 0xd9f54ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffc80000 | 0x7df5ffc80000 | 0x7ff5ffc7ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a560000 | 0x7ff67a560000 | 0x7ff67a65ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a660000 | 0x7ff67a660000 | 0x7ff67a682fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a686000 | 0x7ff67a686000 | 0x7ff67a686fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a68c000 | 0x7ff67a68c000 | 0x7ff67a68dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a68e000 | 0x7ff67a68e000 | 0x7ff67a68ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #63: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #63 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "klmouflt"" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdcc |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DD0
0x
123C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000baace10000 | 0xbaace10000 | 0xbaace2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000baace10000 | 0xbaace10000 | 0xbaace1ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000baace20000 | 0xbaace20000 | 0xbaace26fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000baace30000 | 0xbaace30000 | 0xbaace43fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000baace50000 | 0xbaace50000 | 0xbaacecffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000baaced0000 | 0xbaaced0000 | 0xbaaced3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000baacee0000 | 0xbaacee0000 | 0xbaacee0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000baacef0000 | 0xbaacef0000 | 0xbaacef1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xbaacf00000 | 0xbaacfbdfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000baacfc0000 | 0xbaacfc0000 | 0xbaad03ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000baad040000 | 0xbaad040000 | 0xbaad046fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xbaad050000 | 0xbaad061fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000baad0b0000 | 0xbaad0b0000 | 0xbaad1affff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000baad280000 | 0xbaad280000 | 0xbaad28ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xbaad290000 | 0xbaad36efff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff510000 | 0x7df5ff510000 | 0x7ff5ff50ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a610000 | 0x7ff67a610000 | 0x7ff67a70ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a710000 | 0x7ff67a710000 | 0x7ff67a732fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a73b000 | 0x7ff67a73b000 | 0x7ff67a73cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a73d000 | 0x7ff67a73d000 | 0x7ff67a73efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a73f000 | 0x7ff67a73f000 | 0x7ff67a73ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #64: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #64 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "klhk" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdd4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DD8
0x
12D4
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000761fdc0000 | 0x761fdc0000 | 0x761fddffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000761fdc0000 | 0x761fdc0000 | 0x761fdcffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000761fdd0000 | 0x761fdd0000 | 0x761fdd6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000761fde0000 | 0x761fde0000 | 0x761fdf3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000761fe00000 | 0x761fe00000 | 0x761fe7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000761fe80000 | 0x761fe80000 | 0x761fe83fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000761fe90000 | 0x761fe90000 | 0x761fe90fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000761fea0000 | 0x761fea0000 | 0x761fea1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x761feb0000 | 0x761ff6dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000761ff70000 | 0x761ff70000 | 0x761ffeffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000761fff0000 | 0x761fff0000 | 0x761fff6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x7620000000 | 0x7620011fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007620060000 | 0x7620060000 | 0x762015ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x7620160000 | 0x762023efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000007620280000 | 0x7620280000 | 0x762028ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff220000 | 0x7df5ff220000 | 0x7ff5ff21ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a3a0000 | 0x7ff67a3a0000 | 0x7ff67a49ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a4a0000 | 0x7ff67a4a0000 | 0x7ff67a4c2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a4ca000 | 0x7ff67a4ca000 | 0x7ff67a4cbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a4cc000 | 0x7ff67a4cc000 | 0x7ff67a4cdfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a4ce000 | 0x7ff67a4ce000 | 0x7ff67a4cefff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #65: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #65 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "KSDE1.0.0" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xddc |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE0
0x
12B8
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000baefd00000 | 0xbaefd00000 | 0xbaefd1ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000baefd00000 | 0xbaefd00000 | 0xbaefd0ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000baefd10000 | 0xbaefd10000 | 0xbaefd16fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000baefd20000 | 0xbaefd20000 | 0xbaefd33fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000baefd40000 | 0xbaefd40000 | 0xbaefdbffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000baefdc0000 | 0xbaefdc0000 | 0xbaefdc3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000baefdd0000 | 0xbaefdd0000 | 0xbaefdd0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000baefde0000 | 0xbaefde0000 | 0xbaefde1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000baefdf0000 | 0xbaefdf0000 | 0xbaefdf6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xbaefe00000 | 0xbaefe11fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000baefe30000 | 0xbaefe30000 | 0xbaeff2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xbaeff30000 | 0xbaeffedfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000baefff0000 | 0xbaefff0000 | 0xbaf006ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xbaf0070000 | 0xbaf014efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000baf01b0000 | 0xbaf01b0000 | 0xbaf01bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffd40000 | 0x7df5ffd40000 | 0x7ff5ffd3ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679dc0000 | 0x7ff679dc0000 | 0x7ff679ebffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff679ec0000 | 0x7ff679ec0000 | 0x7ff679ee2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff679ee4000 | 0x7ff679ee4000 | 0x7ff679ee4fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679eec000 | 0x7ff679eec000 | 0x7ff679eedfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff679eee000 | 0x7ff679eee000 | 0x7ff679eeffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #66: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #66 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "kltap" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xde4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DE8
0x
136C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000042a280000 | 0x42a280000 | 0x42a29ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000042a280000 | 0x42a280000 | 0x42a28ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000042a290000 | 0x42a290000 | 0x42a296fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000042a2a0000 | 0x42a2a0000 | 0x42a2b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000042a2c0000 | 0x42a2c0000 | 0x42a33ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000042a340000 | 0x42a340000 | 0x42a343fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000042a350000 | 0x42a350000 | 0x42a350fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000042a360000 | 0x42a360000 | 0x42a361fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x42a370000 | 0x42a42dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000042a430000 | 0x42a430000 | 0x42a436fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000042a440000 | 0x42a440000 | 0x42a53ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000042a540000 | 0x42a540000 | 0x42a5bffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x42a5c0000 | 0x42a69efff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0x42a6a0000 | 0x42a6b1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000042a7b0000 | 0x42a7b0000 | 0x42a7bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5fff50000 | 0x7df5fff50000 | 0x7ff5fff4ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a430000 | 0x7ff67a430000 | 0x7ff67a52ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a530000 | 0x7ff67a530000 | 0x7ff67a552fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a55a000 | 0x7ff67a55a000 | 0x7ff67a55bfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a55c000 | 0x7ff67a55c000 | 0x7ff67a55dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a55e000 | 0x7ff67a55e000 | 0x7ff67a55efff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #67: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #67 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "TmFilter" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdec |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DF0
0x
1378
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000ace0df0000 | 0xace0df0000 | 0xace0e0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ace0df0000 | 0xace0df0000 | 0xace0dfffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ace0e00000 | 0xace0e00000 | 0xace0e06fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ace0e10000 | 0xace0e10000 | 0xace0e23fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000ace0e30000 | 0xace0e30000 | 0xace0eaffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ace0eb0000 | 0xace0eb0000 | 0xace0eb3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000ace0ec0000 | 0xace0ec0000 | 0xace0ec0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000ace0ed0000 | 0xace0ed0000 | 0xace0ed1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ace0ee0000 | 0xace0ee0000 | 0xace0f5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ace0f60000 | 0xace0f60000 | 0xace0f66fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ace0f70000 | 0xace0f70000 | 0xace106ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xace1070000 | 0xace112dfff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0xace1130000 | 0xace1141fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000ace1200000 | 0xace1200000 | 0xace120ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xace1210000 | 0xace12eefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5fff20000 | 0x7df5fff20000 | 0x7ff5fff1ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a000000 | 0x7ff67a000000 | 0x7ff67a0fffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a100000 | 0x7ff67a100000 | 0x7ff67a122fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a12b000 | 0x7ff67a12b000 | 0x7ff67a12cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a12d000 | 0x7ff67a12d000 | 0x7ff67a12efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a12f000 | 0x7ff67a12f000 | 0x7ff67a12ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #68: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #68 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "TMLWCSService" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdf4 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DF8
0x
1340
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000a5a4ce0000 | 0xa5a4ce0000 | 0xa5a4cfffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a5a4ce0000 | 0xa5a4ce0000 | 0xa5a4ceffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a5a4cf0000 | 0xa5a4cf0000 | 0xa5a4cf6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a5a4d00000 | 0xa5a4d00000 | 0xa5a4d13fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000a5a4d20000 | 0xa5a4d20000 | 0xa5a4d9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000a5a4da0000 | 0xa5a4da0000 | 0xa5a4da3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000a5a4db0000 | 0xa5a4db0000 | 0xa5a4db0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000a5a4dc0000 | 0xa5a4dc0000 | 0xa5a4dc1fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a5a4dd0000 | 0xa5a4dd0000 | 0xa5a4e4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a5a4e50000 | 0xa5a4e50000 | 0xa5a4e56fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000a5a4e70000 | 0xa5a4e70000 | 0xa5a4f6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xa5a4f70000 | 0xa5a502dfff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0xa5a5030000 | 0xa5a5041fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000a5a50d0000 | 0xa5a50d0000 | 0xa5a50dffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xa5a50e0000 | 0xa5a51befff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff980000 | 0x7df5ff980000 | 0x7ff5ff97ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67aa50000 | 0x7ff67aa50000 | 0x7ff67ab4ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ab50000 | 0x7ff67ab50000 | 0x7ff67ab72fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67ab79000 | 0x7ff67ab79000 | 0x7ff67ab79fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ab7c000 | 0x7ff67ab7c000 | 0x7ff67ab7dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ab7e000 | 0x7ff67ab7e000 | 0x7ff67ab7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #69: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #69 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "tmusa" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xdfc |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E00
0x
1338
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000fa305b0000 | 0xfa305b0000 | 0xfa305cffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fa305b0000 | 0xfa305b0000 | 0xfa305bffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000fa305c0000 | 0xfa305c0000 | 0xfa305c6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fa305d0000 | 0xfa305d0000 | 0xfa305e3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000fa305f0000 | 0xfa305f0000 | 0xfa3066ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000fa30670000 | 0xfa30670000 | 0xfa30673fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000fa30680000 | 0xfa30680000 | 0xfa30680fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000fa30690000 | 0xfa30690000 | 0xfa30691fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000fa306a0000 | 0xfa306a0000 | 0xfa306a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xfa306b0000 | 0xfa306c1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000fa306f0000 | 0xfa306f0000 | 0xfa307effff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xfa307f0000 | 0xfa308adfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000fa308b0000 | 0xfa308b0000 | 0xfa3092ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xfa30930000 | 0xfa30a0efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000fa30a90000 | 0xfa30a90000 | 0xfa30a9ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff140000 | 0x7df5ff140000 | 0x7ff5ff13ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a5f0000 | 0x7ff67a5f0000 | 0x7ff67a6effff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a6f0000 | 0x7ff67a6f0000 | 0x7ff67a712fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a71b000 | 0x7ff67a71b000 | 0x7ff67a71cfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a71d000 | 0x7ff67a71d000 | 0x7ff67a71efff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a71f000 | 0x7ff67a71f000 | 0x7ff67a71ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #70: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #70 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "TmPreFilter" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe04 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E08
0x
1330
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x0000004f27570000 | 0x4f27570000 | 0x4f2758ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000004f27570000 | 0x4f27570000 | 0x4f2757ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x0000004f27580000 | 0x4f27580000 | 0x4f27586fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000004f27590000 | 0x4f27590000 | 0x4f275a3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000004f275b0000 | 0x4f275b0000 | 0x4f2762ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x0000004f27630000 | 0x4f27630000 | 0x4f27633fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x0000004f27640000 | 0x4f27640000 | 0x4f27640fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x0000004f27650000 | 0x4f27650000 | 0x4f27651fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x4f27660000 | 0x4f2771dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000004f27720000 | 0x4f27720000 | 0x4f2779ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000004f277a0000 | 0x4f277a0000 | 0x4f277a6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x4f277b0000 | 0x4f277c1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x0000004f27810000 | 0x4f27810000 | 0x4f2790ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x0000004f279c0000 | 0x4f279c0000 | 0x4f279cffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x4f279d0000 | 0x4f27aaefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffe10000 | 0x7df5ffe10000 | 0x7ff5ffe0ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67abc0000 | 0x7ff67abc0000 | 0x7ff67acbffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67acc0000 | 0x7ff67acc0000 | 0x7ff67ace2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67aceb000 | 0x7ff67aceb000 | 0x7ff67acecfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aced000 | 0x7ff67aced000 | 0x7ff67aceefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67acef000 | 0x7ff67acef000 | 0x7ff67aceffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #71: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #71 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "TMSmartRelayService" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe0c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E10
0x
131C
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000c72c400000 | 0xc72c400000 | 0xc72c41ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000c72c400000 | 0xc72c400000 | 0xc72c40ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000c72c410000 | 0xc72c410000 | 0xc72c416fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000c72c420000 | 0xc72c420000 | 0xc72c433fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000c72c440000 | 0xc72c440000 | 0xc72c4bffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000c72c4c0000 | 0xc72c4c0000 | 0xc72c4c3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000c72c4d0000 | 0xc72c4d0000 | 0xc72c4d0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000c72c4e0000 | 0xc72c4e0000 | 0xc72c4e1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xc72c4f0000 | 0xc72c5adfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000c72c5b0000 | 0xc72c5b0000 | 0xc72c5b6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xc72c5c0000 | 0xc72c5d1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000c72c620000 | 0xc72c620000 | 0xc72c71ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000c72c720000 | 0xc72c720000 | 0xc72c79ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xc72c7a0000 | 0xc72c87efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000c72c880000 | 0xc72c880000 | 0xc72c88ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff5f0000 | 0x7df5ff5f0000 | 0x7ff5ff5effff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67acb0000 | 0x7ff67acb0000 | 0x7ff67adaffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67adb0000 | 0x7ff67adb0000 | 0x7ff67add2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67addb000 | 0x7ff67addb000 | 0x7ff67addcfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67addd000 | 0x7ff67addd000 | 0x7ff67addefff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67addf000 | 0x7ff67addf000 | 0x7ff67addffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #72: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #72 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "VSApiNt" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe14 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E18
0x
1318
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000050ec780000 | 0x50ec780000 | 0x50ec79ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000050ec780000 | 0x50ec780000 | 0x50ec78ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000050ec790000 | 0x50ec790000 | 0x50ec796fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000050ec7a0000 | 0x50ec7a0000 | 0x50ec7b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000050ec7c0000 | 0x50ec7c0000 | 0x50ec83ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000050ec840000 | 0x50ec840000 | 0x50ec843fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000050ec850000 | 0x50ec850000 | 0x50ec850fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000050ec860000 | 0x50ec860000 | 0x50ec861fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x50ec870000 | 0x50ec92dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000050ec930000 | 0x50ec930000 | 0x50ec936fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x50ec940000 | 0x50ec951fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000050ec970000 | 0x50ec970000 | 0x50eca6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000050eca70000 | 0x50eca70000 | 0x50ecaeffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x50ecaf0000 | 0x50ecbcefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000050eccc0000 | 0x50eccc0000 | 0x50ecccffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff020000 | 0x7df5ff020000 | 0x7ff5ff01ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67acb0000 | 0x7ff67acb0000 | 0x7ff67adaffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67adb0000 | 0x7ff67adb0000 | 0x7ff67add2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67addb000 | 0x7ff67addb000 | 0x7ff67addbfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67addc000 | 0x7ff67addc000 | 0x7ff67adddfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67adde000 | 0x7ff67adde000 | 0x7ff67addffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #73: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #73 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "TmCCSF" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe1c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E20
0x
1364
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000d3a9180000 | 0xd3a9180000 | 0xd3a919ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d3a9180000 | 0xd3a9180000 | 0xd3a918ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000d3a9190000 | 0xd3a9190000 | 0xd3a9196fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d3a91a0000 | 0xd3a91a0000 | 0xd3a91b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000d3a91c0000 | 0xd3a91c0000 | 0xd3a923ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d3a9240000 | 0xd3a9240000 | 0xd3a9243fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000d3a9250000 | 0xd3a9250000 | 0xd3a9250fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000d3a9260000 | 0xd3a9260000 | 0xd3a9261fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xd3a9270000 | 0xd3a932dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000d3a9330000 | 0xd3a9330000 | 0xd3a9336fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xd3a9340000 | 0xd3a9351fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000d3a9370000 | 0xd3a9370000 | 0xd3a946ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000d3a9470000 | 0xd3a9470000 | 0xd3a94effff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xd3a94f0000 | 0xd3a95cefff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000d3a95d0000 | 0xd3a95d0000 | 0xd3a95dffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff860000 | 0x7df5ff860000 | 0x7ff5ff85ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff679ee0000 | 0x7ff679ee0000 | 0x7ff679fdffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff679fe0000 | 0x7ff679fe0000 | 0x7ff67a002fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a006000 | 0x7ff67a006000 | 0x7ff67a006fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a00c000 | 0x7ff67a00c000 | 0x7ff67a00dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a00e000 | 0x7ff67a00e000 | 0x7ff67a00ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #74: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #74 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "tmlisten" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe24 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E28
0x
1370
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000d3b7a30000 | 0xd3b7a30000 | 0xd3b7a4ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d3b7a30000 | 0xd3b7a30000 | 0xd3b7a3ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000d3b7a40000 | 0xd3b7a40000 | 0xd3b7a46fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d3b7a50000 | 0xd3b7a50000 | 0xd3b7a63fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000d3b7a70000 | 0xd3b7a70000 | 0xd3b7aeffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d3b7af0000 | 0xd3b7af0000 | 0xd3b7af3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000d3b7b00000 | 0xd3b7b00000 | 0xd3b7b00fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000d3b7b10000 | 0xd3b7b10000 | 0xd3b7b11fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xd3b7b20000 | 0xd3b7bddfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000d3b7be0000 | 0xd3b7be0000 | 0xd3b7c5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000d3b7c60000 | 0xd3b7c60000 | 0xd3b7d5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000d3b7d60000 | 0xd3b7d60000 | 0xd3b7d66fff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xd3b7d70000 | 0xd3b7e4efff | Memory Mapped File | Readable |
|
|
|
- |
| sc.exe.mui | 0xd3b7e50000 | 0xd3b7e61fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000d3b7ee0000 | 0xd3b7ee0000 | 0xd3b7eeffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ffb60000 | 0x7df5ffb60000 | 0x7ff5ffb5ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a780000 | 0x7ff67a780000 | 0x7ff67a87ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a880000 | 0x7ff67a880000 | 0x7ff67a8a2fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a8a7000 | 0x7ff67a8a7000 | 0x7ff67a8a7fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a8ac000 | 0x7ff67a8ac000 | 0x7ff67a8adfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a8ae000 | 0x7ff67a8ae000 | 0x7ff67a8affff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #75: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #75 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "TmProxy" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe2c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E30
0x
1368
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x00000095dacf0000 | 0x95dacf0000 | 0x95dad0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000095dacf0000 | 0x95dacf0000 | 0x95dacfffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x00000095dad00000 | 0x95dad00000 | 0x95dad06fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000095dad10000 | 0x95dad10000 | 0x95dad23fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000095dad30000 | 0x95dad30000 | 0x95dadaffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00000095dadb0000 | 0x95dadb0000 | 0x95dadb3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00000095dadc0000 | 0x95dadc0000 | 0x95dadc0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00000095dadd0000 | 0x95dadd0000 | 0x95dadd1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0x95dade0000 | 0x95dae9dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000095daea0000 | 0x95daea0000 | 0x95daea6fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000095daeb0000 | 0x95daeb0000 | 0x95dafaffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00000095dafb0000 | 0x95dafb0000 | 0x95db02ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0x95db030000 | 0x95db041fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x00000095db100000 | 0x95db100000 | 0x95db10ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0x95db110000 | 0x95db1eefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffcd0000 | 0x7df5ffcd0000 | 0x7ff5ffccffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a610000 | 0x7ff67a610000 | 0x7ff67a70ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67a710000 | 0x7ff67a710000 | 0x7ff67a732fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67a733000 | 0x7ff67a733000 | 0x7ff67a733fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a73c000 | 0x7ff67a73c000 | 0x7ff67a73dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67a73e000 | 0x7ff67a73e000 | 0x7ff67a73ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #76: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #76 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "ntrtscan" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe34 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E38
0x
1244
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000ebc0a70000 | 0xebc0a70000 | 0xebc0a8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ebc0a70000 | 0xebc0a70000 | 0xebc0a7ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ebc0a80000 | 0xebc0a80000 | 0xebc0a86fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ebc0a90000 | 0xebc0a90000 | 0xebc0aa3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000ebc0ab0000 | 0xebc0ab0000 | 0xebc0b2ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000ebc0b30000 | 0xebc0b30000 | 0xebc0b33fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000ebc0b40000 | 0xebc0b40000 | 0xebc0b40fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000ebc0b50000 | 0xebc0b50000 | 0xebc0b51fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ebc0b60000 | 0xebc0b60000 | 0xebc0b66fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000ebc0b80000 | 0xebc0b80000 | 0xebc0b8ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xebc0b90000 | 0xebc0ba1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000ebc0bd0000 | 0xebc0bd0000 | 0xebc0ccffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xebc0cd0000 | 0xebc0d8dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000ebc0d90000 | 0xebc0d90000 | 0xebc0e0ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xebc0e10000 | 0xebc0eeefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ffe90000 | 0x7df5ffe90000 | 0x7ff5ffe8ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67ab40000 | 0x7ff67ab40000 | 0x7ff67ac3ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ac40000 | 0x7ff67ac40000 | 0x7ff67ac62fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67ac64000 | 0x7ff67ac64000 | 0x7ff67ac64fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ac6c000 | 0x7ff67ac6c000 | 0x7ff67ac6dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ac6e000 | 0x7ff67ac6e000 | 0x7ff67ac6ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #77: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #77 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "ofcservice" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe3c |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E40
0x
1360
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000cb9c2e0000 | 0xcb9c2e0000 | 0xcb9c2fffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000cb9c2e0000 | 0xcb9c2e0000 | 0xcb9c2effff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000cb9c2f0000 | 0xcb9c2f0000 | 0xcb9c2f6fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000cb9c300000 | 0xcb9c300000 | 0xcb9c313fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000cb9c320000 | 0xcb9c320000 | 0xcb9c39ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000cb9c3a0000 | 0xcb9c3a0000 | 0xcb9c3a3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000cb9c3b0000 | 0xcb9c3b0000 | 0xcb9c3b0fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000cb9c3c0000 | 0xcb9c3c0000 | 0xcb9c3c1fff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xcb9c3d0000 | 0xcb9c48dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000cb9c490000 | 0xcb9c490000 | 0xcb9c50ffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000cb9c510000 | 0xcb9c510000 | 0xcb9c516fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xcb9c520000 | 0xcb9c531fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000cb9c5a0000 | 0xcb9c5a0000 | 0xcb9c69ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xcb9c6a0000 | 0xcb9c77efff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000cb9c870000 | 0xcb9c870000 | 0xcb9c87ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x00007df5ff4a0000 | 0x7df5ff4a0000 | 0x7ff5ff49ffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67a950000 | 0x7ff67a950000 | 0x7ff67aa4ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67aa50000 | 0x7ff67aa50000 | 0x7ff67aa72fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67aa73000 | 0x7ff67aa73000 | 0x7ff67aa73fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aa7c000 | 0x7ff67aa7c000 | 0x7ff67aa7dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67aa7e000 | 0x7ff67aa7e000 | 0x7ff67aa7ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Process #78: sc.exe
6
0
| Information | Value |
|---|---|
| ID | #78 |
| File Name | c:\windows\system32\sc.exe |
| Command Line | sc delete "UniFi" |
| Initial Working Directory | C:\Users\CIiHmnxMn6Ps\Desktop\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:02:51, Reason: Terminated by Timeout |
| Monitor Duration | 00:01:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe44 |
| Parent PID | 0xb14 (c:\users\ciihmnxmn6ps\desktop\f3c7a8dc83493b7257a705843ba350e171572666483de057f85f92da510f0eba.exe) |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | LHNIWSJ\CIiHmnxMn6Ps |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
E48
0x
1354
|
Region
| Name | Start VA | End VA | Type | Permissions | Monitored | Dumped | YARA | Actions |
|---|---|---|---|---|---|---|---|---|
| private_0x000000007ffe0000 | 0x7ffe0000 | 0x7ffeffff | Private Memory | Readable |
|
|
|
- |
| private_0x000000d4e0780000 | 0xd4e0780000 | 0xd4e079ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d4e0780000 | 0xd4e0780000 | 0xd4e078ffff | Pagefile Backed Memory | Readable, Writable |
|
|
|
- |
| private_0x000000d4e0790000 | 0xd4e0790000 | 0xd4e0796fff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d4e07a0000 | 0xd4e07a0000 | 0xd4e07b3fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000d4e07c0000 | 0xd4e07c0000 | 0xd4e083ffff | Private Memory | Readable, Writable |
|
|
|
- |
| pagefile_0x000000d4e0840000 | 0xd4e0840000 | 0xd4e0843fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x000000d4e0850000 | 0xd4e0850000 | 0xd4e0850fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x000000d4e0860000 | 0xd4e0860000 | 0xd4e0861fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000d4e0870000 | 0xd4e0870000 | 0xd4e096ffff | Private Memory | Readable, Writable |
|
|
|
- |
| locale.nls | 0xd4e0970000 | 0xd4e0a2dfff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000d4e0a30000 | 0xd4e0a30000 | 0xd4e0aaffff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x000000d4e0ab0000 | 0xd4e0ab0000 | 0xd4e0ab6fff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe.mui | 0xd4e0ac0000 | 0xd4e0ad1fff | Memory Mapped File | Readable |
|
|
|
- |
| private_0x000000d4e0b10000 | 0xd4e0b10000 | 0xd4e0b1ffff | Private Memory | Readable, Writable |
|
|
|
- |
| kernelbase.dll.mui | 0xd4e0b20000 | 0xd4e0bfefff | Memory Mapped File | Readable |
|
|
|
- |
| pagefile_0x00007df5ff5d0000 | 0x7df5ff5d0000 | 0x7ff5ff5cffff | Pagefile Backed Memory | - |
|
|
|
- |
| pagefile_0x00007ff67aa30000 | 0x7ff67aa30000 | 0x7ff67ab2ffff | Pagefile Backed Memory | Readable |
|
|
|
- |
| pagefile_0x00007ff67ab30000 | 0x7ff67ab30000 | 0x7ff67ab52fff | Pagefile Backed Memory | Readable |
|
|
|
- |
| private_0x00007ff67ab58000 | 0x7ff67ab58000 | 0x7ff67ab58fff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ab5c000 | 0x7ff67ab5c000 | 0x7ff67ab5dfff | Private Memory | Readable, Writable |
|
|
|
- |
| private_0x00007ff67ab5e000 | 0x7ff67ab5e000 | 0x7ff67ab5ffff | Private Memory | Readable, Writable |
|
|
|
- |
| sc.exe | 0x7ff67ae30000 | 0x7ff67ae45fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernelbase.dll | 0x7ffc01360000 | 0x7ffc0153cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| rpcrt4.dll | 0x7ffc01dd0000 | 0x7ffc01ef5fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| msvcrt.dll | 0x7ffc02060000 | 0x7ffc020fcfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| sechost.dll | 0x7ffc02100000 | 0x7ffc0215afff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| kernel32.dll | 0x7ffc03dc0000 | 0x7ffc03e6cfff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
| ntdll.dll | 0x7ffc03e70000 | 0x7ffc04031fff | Memory Mapped File | Readable, Writable, Executable |
|
|
|
- |
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 98 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\system32\sc.exe | base_address = 0x7ff67ae30000 |
|
1 |
Service (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
