ivttvf.exe
Windows Exe (x86-32)
Created at 2019-07-07T23:39:00
Monitored Processes
Behavior Information - Sequential View
Process #1: ivttvf.exe
33741
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\ivttvf.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:24, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:03, Reason: Self Terminated |
| Monitor Duration | 00:00:38 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa90 |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
A94
0x
A98
0x
AA4
0x
AA8
0x
AAC
0x
AB0
0x
AB4
0x
AB8
0x
ABC
0x
AC8
0x
ACC
0x
AD0
0x
AD4
0x
AD8
0x
ADC
0x
AF0
0x
AF4
0x
B18
0x
B28
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| ivttvf.exe | 0x00400000 | 0x00418FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe | 92.50 KB |
MD5:
b7e8e0567db150e37da87c40c51132ca
SHA1: adf32e292490aaa3487b91d7d5ff5881045e242c SHA256: fd3a4710e21b89324240728ee99cba2c71b54cfb03d4fc742b47de068e45f608 SSDeep: 1536:mBwl+KXpsqN5vlwWYyhY9S4Aziddu4MN0+MTFYzpn58div+2AaKj:Qw+asqN5aW/hL9ud8PMTFY558dGAa |
|
|
| C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btcdecoding@qq.com].dqb | 64.25 KB |
MD5:
97382c5f4d06a6c7a390152cb9dc7b7e
SHA1: 434b7fafc8757c538128c3a332e3e7bea34bfd63 SHA256: 7c31c8b0c573507426f185682bd1aea7d7fc5e0704c511092919e9dab809fc6c SSDeep: 1536:EimpL7nwgln7rs3z6xH5V1qY53QrGtRsgCMIsSRPkVtvkxZ8pW9OTpbLjR:Eicc07rsmB1qY5oPgClRPk/s86ALjR |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.76 KB |
MD5:
4df0eafff2ab95812e6a15d9030758d6
SHA1: a90484d48fc1dfd2822682adf8760e787948f2e8 SHA256: 4d6300915fe5e88185b7023cd44998b4edca24914a23623ff55c7c0c589d2b56 SSDeep: 48:csjpMMRl9bELLh5NNtxBpF9EjdAShGGiHJAe4j29dvd0:c0M6E/h/pF+jRnipca9Q |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 2.47 KB |
MD5:
707940816b678c03145a29bf5b5dadef
SHA1: e1899df5dd7741a81cb5e3c482d73a46464afc31 SHA256: 2b24a89628c70a5fbd782d9e9918b18f59ba3b382628b3b6ba8ff8e64bd64065 SSDeep: 48:PEEVZDJ+rBK/Li/qufTEPqYNwSka9RyWS0JmromIn89vauvO2gOj21Z9dvdW/:PfVZkIjsq65ckURG04Wn89I2gOo9q |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
88fa36a2e22608ec0f163c5dc7f1caea
SHA1: 9aea2acf02c9ac7a8028cb09465829194806d948 SHA256: db9aea4ce6e69820ba054ade053b17883bafb7a94293f727447761d46c9faf43 SSDeep: 48:+mDAqo6VZ7DG7x/UQldMiLU3rQLu3eLte4jjL9dvd2:+mDAqBZ7D9Yd1L6tufL9a |
|
|
| C:\BOOTSECT.BAK.id-9C354B42.[btcdecoding@qq.com].dqb | 8.25 KB |
MD5:
53a2cc84193e7cb9ad8dfd0083fcf85b
SHA1: 6060a1af4fce73902e0eca3464374fc5408110e4 SHA256: c3a2c04ca6f2d86a9e88745e7b0cd3ebda60b3d82ae1c7aefdee8c6113f56e3f SSDeep: 192:EKrxkCciP7BFjCzFFR8ceZRsIlCVs1sU8sp35lFRe7B6:3DPd9CJ4BJCTUb3FRuM |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 2.07 KB |
MD5:
d3727d7de38ce6485ac3cb9e1e0589d9
SHA1: 8e483c344188605b14dccada43b579690a43f0bf SHA256: 8b881bbca3336542c8bf74be10437a1074aaf6b73b1e550e2c9c8d9bb77492e0 SSDeep: 48:Bmh9orruGdfLBTfDrv1sWddCRT64loHUVPzFMbuSAJnOjSk9dvdW/:iorrn7fPv1LdS7M6zJO19q |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 3.36 KB |
MD5:
a9415e7f61ce2863b1f7fd9857d5f7f2
SHA1: bd18ac65d307fc2c330b89fcaa5cf91e0993cfa9 SHA256: 3275ca5b611ce7ea3094ba891cc7cdf7e424a2fda177be94daaa9fddc723b333 SSDeep: 96:vsLZN+H29W7aORib8GSOxQj8FkmBeZh998:TtRiIfOn61L9O |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 4.33 KB |
MD5:
97fda7b57866a63e7188d5a950753f34
SHA1: 3f00d9c7f8a21aaad0a9bb4ad744629ef7d7ef68 SHA256: 1b96311c6572eb1a6847a483dadbb29434b4bd0dc7a466c7b1170cdafdf6f5b1 SSDeep: 96:iK+Kp94BIiOdZtfVgsSKL9a19dF1X9URnwBzx7bMynUHBWGLVONT9q:iK+YOBIiiOQB2dfi6zxMyvcVONTg |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.80 KB |
MD5:
8f97270d014b0c774626278601b4e6cd
SHA1: 08facc5acca5d2d68c6632ce0c63d8a7d52bce8a SHA256: fee492dd09de851fb9420b23653f1620649032d039cfc2eefba1b4d771d75798 SSDeep: 48:jNInBmI6bUzTib9r9zP/Sv8bIiQb75Fo3B1iFvkOj19dvdW/:j6mDte8b1Qb75OSFvkOp9q |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.55 KB |
MD5:
19f18f4c12c55ca3339fa6b51bf83b43
SHA1: 687c7c7f9dd1b45cef681da110c0a73ff318f47e SHA256: 8c7e1a9e4da1e25580804fed148df367f2be81b5028445d0e8a43103a88ce478 SSDeep: 24:vg/jezgy8vRAvzeVMue3P4QHtOOMfioiEUy8UwTzmLVYqvCMjakN89ddRlTW/:vyuMeY3aITAzIJvNjxN89dvdW/ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
8453887d74e0c7ac4946073488e585fc
SHA1: 4236f50d86617c7277d86f75df67018b639f15ed SHA256: a91acbcf9d69c9306998cc726c72ededee3ea5ed2632dcb49e8b28edfc6c5aef SSDeep: 48:41LhXHzgMQRc+VlB6Tce/hmtFfwFAfSHl0YDNkYqo3OdjEu9dvdW/:415QFB6wODMSSYDjqo3OdQu9q |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
d7ec2d4e21a3a8c8d179e2ca82bf1e2a
SHA1: c0233797c4b26428faac3d1f29edf32dcfb72b9a SHA256: 07199a40a522df1f22c324d716943e545fb62ed92c5456b0f8c584272ff7a881 SSDeep: 48:qeUwZ/fJqKssWHdkoLIvG98qK3Da33JpXoQOze4j/9dvdM:qqFWHdkoLIv0kDw3YT9Y |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.03 KB |
MD5:
09df8dca5cfd7f2035dabc088f6b7420
SHA1: 34a92aa40aab4600b73952cc66455d1950ae2e23 SHA256: 2d99f19c187c372dbb7442820aee99b3f489530f05ece6db2cfe3769f5a89813 SSDeep: 24:tWF2Igsv11rJd1AQMJuR6Hay6VevEtM0vja5B9ddRlT0:4UsNLArJuIHa2o3vjO9dvd0 |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 5.97 KB |
MD5:
c48206288e11cc9fd27cfb98ac988859
SHA1: f0d927f598b410e085a97344e5558a587e196194 SHA256: c23aa959188c6e566ceef3505804aa2c9a38139a7e4dbad939f7968014d769e4 SSDeep: 96:V0TERwp1M4LvZJQI/FXfglt4uVcCCWInl2FbGLuqvW9zB7qD3XwhAWjAQHkzbuOE:V0wUDZv/hgltjnV4xLPq7IghYaaaObg |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
a57f543a5278a81cadc7058131702a00
SHA1: a08503721b9592aa8fee666216cd94f3c834cad6 SHA256: 0fff6cbc90b2b42a749fa80fab5b47ed2659225dce23aae8a6e165e4343fd955 SSDeep: 48:/svCpBlZ7POhSw///gvVa1tYwLJWfaxj49dvdW/:3mhN/gIDYkJWfaxM9q |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 2.54 KB |
MD5:
37bf0ffff04978eca391e9fd30bdd921
SHA1: fb61b257f3175b780ab4bcaaa76152fb8b83a0d8 SHA256: b43b7d5bfb35e960f6372c6b10f94f698925dd779d756265e13e4286e46ab11f SSDeep: 48:zZ7QMz+QvFEGRD4yvxmkUT1YUg9qtFbQvykAhK+v01jOU4TTQciAPXcOjMy9dvdG:mi+yhD4wTUTrAgFbQvNW5TTNioMOYy9q |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.44 KB |
MD5:
61f559a71c30765f7a0fbc4cd537bc8f
SHA1: ae2746f2876aff123f133bed95df0f9144f76463 SHA256: 1b535265980b6a934bfbf7e56c89ca1f05209b53dfbfa04e5dcde591b3d92202 SSDeep: 24:9RgqFKydiVrJmZPWNrBtaMO0GpXXFAVSICaClaDQk26b7ez/xoz0jWMZ2Ie4jaBQ:DIywVKeNrBtaMO0i0Q6bkofyre4jQT9u |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 2.04 KB |
MD5:
e5aced0b02d46d2aae7f5dcb3a7bfc15
SHA1: 34f130ad995c7829fd1b7d319d7ecb40de6894ff SHA256: d19435e78ca26b21b8a9043b7049c91246edcef1dff069f047c64aea59a8ee4f SSDeep: 48:lTzRrMi9PC+w98I9ApEl/n0f+PmMHmSQd6OjqB9dvdW/:lTZRkmAAI0fwHmb6Oy9q |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 6.33 KB |
MD5:
5242e537b7b2cec5f14487c1cbc5a45f
SHA1: 20f3f286aaf55334163d06ca47495331ebbedb99 SHA256: 3583d16582845a586e5e6d5d7d079418bd7703291fda88582f7bd79d81166f5c SSDeep: 192:tpqoM2NjPkK1yaRUYpUUVctpkEbMgPJjgkbO9g:tYBaKwUtvk0BBdbp |
|
|
| C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 9.51 KB |
MD5:
ed19cd63d0eb8c98b53cb791a11c737c
SHA1: 14a561ec14e3bb9a25aa6ac2f01541d589bc7f57 SHA256: 4a0914b7559bb94949283ca646b5289183128bea3c9e7d3bddadbfb62e22e8de SSDeep: 192:qSwJbvoZD0nk2epSTV+NPZAZuPxs+r98IYJI1meUxirRUaNsmhwe1BWCFq6:RKoZQnIMTV+LAAPxz98XI8eU4r79hV1j |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.81 KB |
MD5:
015786c89c0a63661039a21384d8555a
SHA1: 0eb340d0338fcc17dbc89ad287797ceac2955de2 SHA256: 56ac3f1a329714a4fc83b24ef86e2dd5a8636f44c7c25d9816f1864a6e312cfe SSDeep: 48:tSUs1I+H31vFYmxxR1E8q+ndM7HPqqIFLLje4jD9dvdI:tSTVXNyWLDq3HPqJLpf98 |
|
|
| C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 2.18 KB |
MD5:
8ac94053f0bf7b33893e84832fb0a8ff
SHA1: 556b7128bf103182f4b1a02d6b8e338c5ed56aaf SHA256: f0c82f879185726e1261f93d3e0b69d498599aec04ff45dd7767fecb4175d328 SSDeep: 48:hNsabwHJrwGLt6z+Dp7Ged4BgBZXYOrikeYjOjU9dvdW/:hNDbA36KpiedGg8keYjOw9q |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
2a7cf964a77c16e0e2f53acd203dd6bc
SHA1: b05aaaa6a1cf75ff56e9762dd45f904b18ffa7aa SHA256: f3d463c0bc0e3e76e37f8319fc28395f6f8540905806b59669a701b21705f993 SSDeep: 48:HnQhOuNAPJlDypAAFt+pvbO5SaQeIWlsgo3e4jY9dvdI:HnEAhlDypzGbO5vQpgo1c98 |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.60 KB |
MD5:
cf6447cc53e6b6f5c4b752bf76bc82a5
SHA1: 545091e6e3431a7925d1327b706d07c4cd134474 SHA256: 94310c9596607a5f6641a117408564e94eeb5f974d04eebb454d1a875ca74bd4 SSDeep: 48:OWyzMFYOxt7KJTSoVgolN2KfNbzXU/1e4jJ9dvdi:OWyzMFYOxtElN2Ae19u |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.99 KB |
MD5:
8870430b02d36cb7d6df074d9f1b8b37
SHA1: fb1c3e0e11902e0d492b32da7006b33d1606acba SHA256: d95fbd648c997f03af260957864ea79545482ec8fca3e174e3b308a607669096 SSDeep: 24:nT7JD7TuYUskQePkINQopMle5G+pDIftxVQatmRkqrWfZIvQe4jaUz9ddRlTK:R/esDePkINQov9oz+kqroIYe4jr9dvdK |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.14 KB |
MD5:
a29eac7c60822485ded0a7f404a376a9
SHA1: 0a3ca81b1a51f36a43c2d77780105fe0fbc035e7 SHA256: a8ede19c0aa7f649992c2658199f5b48ecaa14b129c4275c7d0b10a1ca527365 SSDeep: 24:tyAchlUI2XfLsO0+CNm/tN5R8fGBBYrXYe4jarp9ddRlTu/:tFEUIQjsVL0qGHYrXYe4jYp9dvde |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 582.61 KB |
MD5:
c0b95a7386553365a859ca71457719c8
SHA1: 1ca70916cd8aedc23518acf999198772eb643f4d SHA256: fd71d59ee2a832fa97ed94db731b1c14d8c71fcc1cd78c89efa9e60d9600bb83 SSDeep: 12288:9FXg+GjSQe5PIGYB5IW9ECWaBrCiERwFAjz802i:9FXl6WhIGzCFxERwyjAVi |
|
|
| C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 2.07 KB |
MD5:
63313a2f6db182ded7a0877c527ff2f7
SHA1: f67ef0e9078b737f778921a88088d9068e2c6ed4 SHA256: 8e7a67fa3022af2553bfbf077f42e958dd88fc7e4670c369a874d920c9dd2c5f SSDeep: 48:47N4cmOLUYl3SNY2iOdc7vNULWqlKbJOXuQVerCqFUAXadPx5Z+KOjP9dvdW/:44cmK3SNY2iwQUafbJYuw2JF7Ox7+KOE |
|
|
| C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.65 KB |
MD5:
1c2dc5a7b63ffb41f164daca1dcbef42
SHA1: b7f17e020740798129f1804a34346d018b2872a1 SHA256: 164daea42c1e85a01edc5063aadc5902808a719c58a9c29bb3c1540d7227b367 SSDeep: 48:CLHC2nC89C748T9RiyOgrikz61sH2tOjU9dvdW/:MsG648R9km2tOo9q |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 5.67 KB |
MD5:
26f949944af56d1f20f287033331b9a1
SHA1: 6eb82147951bfee105de5d8d191d3f1023918142 SHA256: 0c68c6f5ba5c63dea509ccc920bd34357e02aac0c7ae56fba9d49421821c2fa9 SSDeep: 96:q4N582VawqHj0LFkHIgwqzAw/6TvL9qAvXYEZNp1w/o7QYh+LuG1N/i++J9S:s2VjqHqawqzAw/6NDAMp40QYhNSiTJ4 |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.05 KB |
MD5:
5d808d9ad874e946782c39c32a36acd8
SHA1: 3c2bd45eff25169b5333bcc590974a284cc356fc SHA256: 733f0871d672d4611a1a0b405dab5000e463b82c001c1e765faf7b09603dae9b SSDeep: 24:EDbpKm/hXMZ1eYFca2FJ9RLtnRAtKOKAMo9SS2mjaMml9ddRlTMn:EDbAUC17Fca2FJvjAtKFAMo9SS2mj7mw |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btcdecoding@qq.com].dqb | 65.85 KB |
MD5:
3b891ee2d56c27be8806feace93a73ea
SHA1: c9f657a4fa46002510c6fcc0496282d04eb9899b SHA256: af317f70c6d9e07de93a06ea4dbd58a6281ca76cd6cbd3004c74f6c388c163a9 SSDeep: 1536:usvtBE/kmiQYGJ3+sAJgr4diXr3+OUqtS6Hn:pMbR3QgUdSZo6H |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 9.37 KB |
MD5:
548ae601d3693756548eaee819672e1b
SHA1: 111c35170c95825f872ed6c4ab5f91a26fee2fc2 SHA256: 423a25f42af1b83a5c07d14ced7ae57c0acbd03fa55881428ac32a038edd2e0b SSDeep: 192:FYkQFBNue41XzaROlsNzwF+eGEkWsD8TgVu4SAcuTKxzvODg:FbeeXapzwF+/Wy/cuULj |
|
|
| C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btcdecoding@qq.com].dqb | 26.79 KB |
MD5:
3c0d94abcd4b7409712a45940a0bfe32
SHA1: 7534c2685423e5bbc9604c5d2cdb01d13b4a278e SHA256: e513c3a87299d697edd34d7ac9a9eadb7f4c278698a8efd3a6e890ee7e6f8b43 SSDeep: 768:IaJQ1qbLS9VRh6Tmd/BPLC8+8yzbgeXiV:Jkln+m9B+8SzbJXiV |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 2.60 KB |
MD5:
17f34b0d73ba38de68ac08b4f2dd7025
SHA1: 241e2b0c33fbcb8b8f973ecf194f3b1235c73d94 SHA256: d77d1a307d0ba68eb1f5e2f8eae04287cb765e984199cc1e1874f2a6349df332 SSDeep: 48:zYFPoiKDyM8Xn2XaZtYntMHfzrwmHK5kP+h+sE98SQ0M+D3zHRF3cgOj0e9dvdW/:Et1KOh2qZtT7MmHK5xEul0M+D3bTcgOA |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 582.61 KB |
MD5:
a5d2acf8ea4118fd50216903450fb231
SHA1: 56af74edb3957242f85a75089606270badca104a SHA256: 72da43389e870781aab328d58a5e781456357d386b59c9640411ba192b45ff41 SSDeep: 12288:ekwBL1WCONZUwv+DP3X08mun7erLeWggqglwpBS/gVWeP/PA:32L1Rtwv+rn0Me/7gQcBYgVn/4 |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.05 KB |
MD5:
7d8cfa1d93d88dd5aacb160801202f99
SHA1: 8de7803f3bf77280fb486df59e50086e06b0a99c SHA256: a5a4534bc8a6bdaccdf7152b4c7f24b08e330be9308cbed49fccc72ed3df37cf SSDeep: 24:K5ZpzGp1WJm2v7pe5DawIbcFqnrvd4NtG/NzeeBWS2mjaEx9ddRlTMn:K5ZIXW9v7ul+eqnrvd4NtG1eu2mjLx9Y |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 2.80 KB |
MD5:
2d3a7c617e7f8b965f24b80cab01b0ef
SHA1: b62eb1a3b0ef748f96eae653f009f16b0a422749 SHA256: cb12adb6cd35762d9ca1c23f569c4dc7b7ddc0451f054dd00d76dad30be30a56 SSDeep: 48:xX4izCvlVBo/HuSVvrInIv3C0L+kdJT4wZV6Hl+WABPT4OYKZdO2EhW3Oj79dvdG:x1cBGuSVD4IvyIBTrIHIWKT1dOY3OP9q |
|
|
| C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 1.56 KB |
MD5:
898dd017a51b72c2e2dcc7e8689fbbd7
SHA1: ea0f46f2d1b71928a955490963d1f87279d212b0 SHA256: 19153b58a07733c9ba0adaf866d72f3d4c19dfe8ead1f37f3ff96635b63f006e SSDeep: 48:Bch2GJFIwHEuZTc1KQyVxYZoNsZTQHxcve4jkS9dvde:EKwkuZw1qVx4ZT8619S |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 4.42 KB |
MD5:
386b9a64439bdd37013aa71cb99e8a65
SHA1: 8452524dab9739e2cef43cebf980aaae10a271a8 SHA256: 57aee949b4349dbb69be2ed32c0916313b54f6fc97c99ed2630321b01de15498 SSDeep: 96:jZjHsC6hOauVyNJmZZlZNOybhEm17XrvOE25PoSVVp9SE9lYpzKEFNTkPX798:EOau8mNZ5bKm177qVVp95VEFKX7O |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 6.51 KB |
MD5:
c5f4c6d0b034031aece302fb97d42f3e
SHA1: a516515101e8e2c70039a088b976778b880c61ba SHA256: 985848bfd193f1b044e9636550861a75c859d635dc406c8dab753f366ef1302e SSDeep: 192:ZGgJPGtsQkHFN7AeoN6GFZzKh1IeU+wDM0KFQ94:ZgsQkHFFAeoN6Z1IVtQfH |
|
|
| C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 16.52 KB |
MD5:
8c92d66dadb4233e0266932d1503ffd0
SHA1: 464acf4d79e35a3ab92533ab67d208f247328828 SHA256: a4ea0b6326c55fffc4ca299f287ad142bad1608f9f5372577198ac90c5f057cd SSDeep: 384:C3ZWXFIb340E0flPwlyLk5A5880zF+rTnb+aejuz:EZW6tE0f5tk5Ab0z0rTnKI |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 16.70 KB |
MD5:
4b710d02485c9564fa61c86280ab5c71
SHA1: 1a20c6816c2fc6504a2be38a6baae1b7f3e9823f SHA256: 37c243abf301f2c3a73a5bf7b8712ab6740ec8e90bba2a13eb294cee2a77db21 SSDeep: 384:D/l1VAD2YiALLsUEu9MveCQHTNcdqMlHKCe+8QczfZrMI1k6A:D9bAH3KuqveCQHRc/e+veI6A |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 20.33 KB |
MD5:
fcd011d70d1c1a3a54588aa802afdcf1
SHA1: da078a0c43b130e8afa96c9ce4dd8a13b5a6bdae SHA256: a25d8814fa119bd816beb1eb2f29e7111a90876d7f959990caad9a8b2d31663f SSDeep: 384:VjBcb4dWYOypl+N/v67FA8z4O7+yjghCGgAde1By1j5EMOUoFXajG0mCSeC3:VjBcgWepl+NHsFNz4qumwe1kNQtFax/8 |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 8.76 KB |
MD5:
3cf46b7cf523932b6effc3fde490d928
SHA1: 9458667080b6e7d6b9387195f0e8fda61e8d641e SHA256: 60365b164f639fd21d80a04e282ea3542e368f5410e203f50fac31740b60a0bf SSDeep: 192:YEXH79frRES+FzQ/repA17g5Ffo4WIjbAOlQEmo8MAWXf6:rUFzQTyFfo4WubAOOT |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btcdecoding@qq.com].dqb | 14.94 KB |
MD5:
c5bd54ac8dd2d3fd05ba5074073c7e13
SHA1: de0baff01727e66afac1520fcf0f54d6e60abb6a SHA256: 0acfa36d7cd6ba0cdf697f48ba9b3a12440be87fc967233ee084947707daaec2 SSDeep: 384:xcBvG4azaL8lYQNRfV/5SjZ7laNLlZnlTV5FIQA7Dh:xPvs8BfR5kMllV5FHA7Dh |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 4.42 KB |
MD5:
020ed04fca63aa74a9719c37f284d453
SHA1: 31eedf47d66008583cade1435f96efae88828e63 SHA256: 8b2132af9a51b9707d76feab8e30aff1b906936feec80ac6b886e9bb12c091bf SSDeep: 96:sGy17/OQKuc6AOZg0MJLD4jzcabFPLPsW6JP9NGrKZUUNHez69WKg98:21/Oh6tZXg4jIqzh6d90OB+z69bgO |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btcdecoding@qq.com].dqb | 1.27 KB |
MD5:
d0e8214c2ae7180eb61fb4bc3200f0d4
SHA1: 5a19d638e90189ec416fe47c1ec0e6759f89a877 SHA256: 6cfd28b00bba5b041b0a9b3bfd0619bb8debb0db2347792516dd9f94b1a072fd SSDeep: 24:E/RpFPuTui9aYlacNkHL1j0uxoAJZdolKeNYbH/ovRSli0Lrjg/snjaakIS9ddR+:EXFPiZy7UKtH/KRii8jgknjg19dvdY |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[btcdecoding@qq.com].dqb | 1.88 KB |
MD5:
c029fb1d6ac7318ac2bb7484d9dd60a1
SHA1: 495b654826a53b952a81e43b480474816c4c90a7 SHA256: d4cc8530fdcecd7eae52571f047ce93d59d63518f8209e0a95ac6e425b23de62 SSDeep: 48:E9vlzyEsuQHSmO10Si19U54IakUjw9dvdY:wvNy/hyJ0jqhUE9M |
|
|
| C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 4.42 KB |
MD5:
4cd8da2714c8a7904de13e3029a3c41f
SHA1: 9f659f7e11289cb52c512aa5959c2fdb894197c7 SHA256: 7c2d3a492e8221c92f2cfd6d55b94aad4817ffb61d385ef4f090b877d226c48f SSDeep: 96:YUCpCwXGxKsPQkLQYHZ5A0YXbf8Wi1tzOvvhAJ4g9nuZ98:YV0wWxR5L520YXbf8Wi1tR4O+O |
|
|
| C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb | 30.60 KB |
MD5:
c4131db8fa4caf81535db2c994d67cb6
SHA1: 26e3f70b17713bbe64373578fce4508666badd16 SHA256: 2b1b4742a2eabc66b7853800c66d95350fb9f53973612d173d7186cffe2627a2 SSDeep: 768:q3Ddleb4gzFH8TsKUIEyVIMSOllvLawuRPqJ0xfXWPWjY:oKUg5cQuITIlvLqRSJ+/WPEY |
|
|
| C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[btcdecoding@qq.com].dqb | 1.27 KB |
MD5:
d7a2eed958e8905b61704e420b2c2efd
SHA1: 2ddb87ab97138bdfb85e2db7a3e4b965120066bd SHA256: 3b5467f9561dcaf6b04b73cf102d2b9e09f3c1ae44ce47f5436b0fc2df1f4a35 SSDeep: 24:/Mn/Re0tWsVXVRfebC3TIiHY8S+A434T+vr/EWAVV1jab9ddRlTY:/MnZe0ASPfWC3THRSt4pEWApjm9dvdY |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.56 KB |
MD5:
90ce90ed98dcee3e81ecbd723ee2ad59
SHA1: 3289ab9f6c2467670d0c2294ba83a95768f4a66d SHA256: 6373f15c9b4e8d25a218163739d063906d1ff666fd66863b7008aef1159a29c6 SSDeep: 24:sOPsDnA0sc1K4arYscr4eRsB9VptAVwnyIutBZ9ZsNl3ytKWSFja/l9ddRlTu/:LPwkykMjrZcpyVwwJsZFjQ9dvde |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btcdecoding@qq.com].dqb | 2.13 KB |
MD5:
dfebc3f6fe237c75a25634e4ebfaec62
SHA1: 5bf4d57624befa4d97956e95f59e66d87e9d8a6e SHA256: d747ee7c3eddf86cf3f8fbe57f50cff7adc240e503bd214b20b22f8f0bb4adc2 SSDeep: 48:VknWKNN9hULH+dlPx6HaJ82MQSvCQK2GKfjEZ9dvdw:VkWKNNvdtx66JyC2GGIZ9U |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.05 KB |
MD5:
d5f6eea4ee78406edebbb3cb6eb7fb72
SHA1: a91857d6066f25865d55f5ffa39a22f5a4091d07 SHA256: 93a554207b2816e0017a99c5dd0037a95401accd05d7070fa896c7be4d7b9a3c SSDeep: 24:jVgRU4MMZjUgQJkY50PcaCR1Mhn/4mBdumP3++oXxWS2GjaNZm9ddRlTMn:5MUB8UBJR0PcZ8VBsm2+oL2Gj/9dvdM |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.80 KB |
MD5:
3f80cb335e88f09144dd7144db18704c
SHA1: 63ea8324b23bc947b2ac1f2b5ae35d3ace5f1f74 SHA256: eb92fe12cff737abb8e7d19b2af97b698b617576d8f49bce1f0debdfb080b2b5 SSDeep: 48:E3WQP9o7BpgvaG2wfYnHO8ig3Pm1P+viddo2JGacoztp5+I3PZJAQ0CKQ6OjJ9dY:EGQP9o7BpIaG2wIutRSy9r5Rn8Q6Od9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.76 KB |
MD5:
6090bfd514111405608ddbf253f486bc
SHA1: 0e775ad526fba368c602a8df89d3cb41b7fe0b28 SHA256: 2f2777974616002f769131b8bcce3a6f088cb9bcf632a87be02a827ebbdcadd5 SSDeep: 48:i3R8VcVew7ps7DSOHTAXX3Srxj8O8N2MPSKRs7Fj/j9dvd0:i3RoopaDSHXXYjH8N1S9P9Q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.47 KB |
MD5:
508278826ec236d722273680ca8b3238
SHA1: 45ad26f4d874ef3ec3803b2434dcb5580910c5a3 SHA256: 90716ddd50a3bcae9f3e2acde7bc62a0af1d0b2e81e16a0953b2cd08fece6bda SSDeep: 48:1dm6xSXfjzHdte4QnCdt0SZCn0JjVJE2WrbxSqpPF/OU8Oj7B9dvdW/:10iUfdenm7CO6Yw/OU8OvB9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.44 KB |
MD5:
7a25f36b7df51b22a48e12674f0b202c
SHA1: 23560f355149265829f68013a0faa595a1b04974 SHA256: accd2333979ef302a9ace3e90b70d9861774b1a12dec67df8c9e55304f6db808 SSDeep: 24:Qw9IK5AMCBbB+7RSK5hIyR5klF0wP2FXFy/KTRDdZxLnFVndIftfFjan9ddRlTi:j7ujbc7QK/I0kluwYFyiT3nFVdIftfF5 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.04 KB |
MD5:
555b671c0f6af9220a5c87a723f3d208
SHA1: 5380920b082146d2a5f5e4a406fbc30962a09a14 SHA256: d10950c6804d61e96775e80e3de48b026d9e0d46c208c1f592e130968b9e1540 SSDeep: 48:jpeoyNUriy10wDeNLqvoeyi3xyLvr0dJROj19dvdW/:jQoyNwBDDeL8/yLodJROx9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 582.61 KB |
MD5:
3d8bd118581327bc13c395113befebe8
SHA1: 4e2062b1a5bbe956a92d8699682471a5eaba26f4 SHA256: b4ec989b03861a72306c9280d1482c313e1235454cacc7713d2bdabc7bf226c2 SSDeep: 12288:gw18I+I7nHGqPVTIJFfoByOb0Ixk6wZCwgR8/NlziWJY3AxxKBAU9X/:p8IFrmqPVTIaVxk3Zhu81FiWegG |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btcdecoding@qq.com].dqb | 69.80 KB |
MD5:
547300c0205502735f5f34312cbe490c
SHA1: 29ee97a97071362f63b283b6c15a8a9dbb0b6dcc SHA256: c8d6558d816c5b85be820c4eead60fca90594ce06ad6fb28ac484d5363ff95a7 SSDeep: 1536:ZwyGuy0LY9+BrfI81oe00m7hjpXRncm0ZJSmltvBQ6GGLU/RPKVL7B5m:Z+wYwhfI8Bn+hjphnC7dltURPK1m |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 5.67 KB |
MD5:
b9c55224212d1794f29a4122e8450285
SHA1: 455bd4e27410930b9a18d01db84ff4aa429a631e SHA256: ebc8bbf9256e09ee0596ea212448e246edd1cc72c9ed241507304c5091bb1d36 SSDeep: 96:zjxNxOp/wSoYA18yVTKRVgOlQi473ooioKDWEwOqqdMu+0sDF83DJ109S:zjcpoSLQ8GsgOlQJLohoHQqOM30sm31Z |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.05 KB |
MD5:
9ac30f30f5dcd81ea822db82584b8259
SHA1: 3ee9dc604b9c93c22228f4c4694b6ca3d80c23ff SHA256: 69d2dbce202743723dc81cf9d6e2ab2c47a40e9073f311a7d1f2a81fd9db41e4 SSDeep: 24:AtqxTl3IeRK28ESfotM3lpZaH2ctqpKhH9nS2Gjan99ddRlTMn:A4Jl3F75I1nW2CqpKPnS2Gjs9dvdM |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btcdecoding@qq.com].dqb | 37.04 KB |
MD5:
483ef304ca1d5ce3bea7513d35349735
SHA1: afbeee30e1e61434cfd1eadfde8f841551c65ca2 SHA256: 90ac3047c1be23c6a02cfba61611a12b9acf90cc48300f04e7bfd31cabf3335f SSDeep: 768:ZqfuQGPQlzc9F3SnSvYwvlA98KpYzRSuxFTwZ99Sqfm0PcvmGc1Lja/l1:ZSuQCQ0hAjwT2ESuxMlViGpja/l1 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btcdecoding@qq.com].dqb | 26.79 KB |
MD5:
14da0f8ac8668067ce03be48b5314196
SHA1: 924660093aa5479df368fd193cf7890914a60553 SHA256: e98b5b0587d4df8d095433febf0859432d2738cd9ec2ab535baceaa8156bd8be SSDeep: 384:ygBjpkt2Ow+yHw5LmJd4TqTEWPPqORYNRRVjHS57lP2L2DxUn2IirlFblTUM:BvkTyuLOHmORgVuH2KD69UhTP |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btcdecoding@qq.com].dqb | 65.85 KB |
MD5:
4e64119cc52041f4445dc6de6a7e383b
SHA1: 7a1b4993b903fb45e4603b8b044d6554773c0d9a SHA256: a725d60667e001fcf05112353f22af481ddc8e959c051bee71117884ebb34060 SSDeep: 1536:bS2BUXRw4eHrsyoteaoRaLNOHgLlqiW1E0TD7y/oq0yW:KasLteaJqfzTHY1W |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 9.37 KB |
MD5:
adbe563787b808770bb31d8fe7fbe195
SHA1: 0fc7ffe6c79a1e6e5a8e2e35c019374f776934ba SHA256: 4b601e7c5b3abb2947530402f69d234003c3de3151d9b626f3af27afeff7ce4f SSDeep: 192:rV9OFK8MrqQeF8oxpgnpJ8RVVS+BpD2DWFQRAtaQTqHUC+ipC1xrg:rVkKVqKongXqVlD22Iuq0C/pD |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.14 KB |
MD5:
d48d329927aaa54e992a96edcf71d6a5
SHA1: 49fb82a02838615e39f7d2f65453a2b58c5f24ba SHA256: ce8091f7a569f9c0e5f8f1cbf5e56173b3fd1eb0182def5bfd3ce1f62d000256 SSDeep: 24:R55PGsEZPekYJ3ldWv+6+geHUvIBPWnxKN9/ZFja59ddRlTu/:hGsExS3ld8Freu8WxiBFjo9dvde |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.65 KB |
MD5:
97b54ab072cfd7d9bf654fdcdb2d627e
SHA1: c5cce0001ab6b21638c823a80b50f4eefa2fe049 SHA256: 72ed91c560bcd1aed310052e9548cb9c66d8e8d5637006eb6b65680503098ba3 SSDeep: 48:0kX8pNDyndqCoixb6WgYCW+wlaIc9k7SZjlOjv/9dvdW/:0k6DygCosMYDa/3lOr/9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[btcdecoding@qq.com].dqb | 26.54 KB |
MD5:
7c16b073947c0885157ab34ff9989b52
SHA1: a49acbc97b0ab1c64acd8a03b0876ce2b03af76e SHA256: 01ef10465d97f0377bf8f31d43b550806ffe9943a66a1cdcbaf829672a660def SSDeep: 768:/3daquCpuM0HTAZ8093JLCXlUzcZrn3CRsSD:VatM0HTEB7WVUzqn3Be |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 4.42 KB |
MD5:
d1a885334545e3520f9826ae26f70020
SHA1: fdd82c9da835d9fcc1ea9483cb5bf2525f1dafbf SHA256: 91915d45c30855caed747f779c981c2a094f498d5ad14f1019280887344bc280 SSDeep: 96:J9EGv96SXyCr0Gd0Qxuy5JYMhg0nNrnBK22MSQ1hwgtCv/uPoaos98:JK2pXyw0HQ35JYANrtSQ1hw0Cv2josO |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.81 KB |
MD5:
f98dc0c14258267954932962a8651b6d
SHA1: b6aad61e8ab60f41fb09d0255aad21e017464afb SHA256: 3d2e27761e159b2bbb0fd1e0a601e314b6cab71cc402e5275ac2cab3c33dfb20 SSDeep: 48:k7SLJV21ooKuK7pAhKeTyzvMTwegOv9J0HQ6VdcWFja9dvdI:nlAKP7pKBnh9JRdqO98 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.18 KB |
MD5:
6f6e3bb9a713a32ff061d3d68b411c0d
SHA1: 8cb8c032f5a384253e62dd58a8e26fe9db7da56c SHA256: d68b017055e2395459e97aecb8a8d0a3946430090ea94e08938a84203aa351b4 SSDeep: 48:aE/2IBO425U/1pF7mQ4Duqnb8sMSuqiYIqfpFzDtPvNHXOjUN9dvdW/:aQ9AtUFBqoXSu9YI2jzDJvNHXO49q |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 855.24 KB |
MD5:
6dbd985e68028a56e497fbce1e343211
SHA1: 1ea7007075bbd1278b34581cc48c1782373dd477 SHA256: ec0b8c9b70cb65bdfc34148182cff7ddf408649a7cd38b88fd347980390ab525 SSDeep: 12288:Tr/EEq0uLtU29qmp7bmNXgsBfYIJ1r5EfhD82Zfjqk2t1hTvvUa+UEOEWl+Z80WE:vq0uO2B7+g2L1KfZTih7vD97l+TWsyT4 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.60 KB |
MD5:
73911ae2abd4f9d13b46b52b6f19584f
SHA1: b8502531533ee3af30d82223bf8b6e462a6c5e81 SHA256: d678e09badc7f4a06aa466559a92c21e0aaa3e670b0171fae7ce21c1c08c685d SSDeep: 48:NrrP+qcXafHCBYPxyGktRSBmO1FjGZ9dvdi:lb+qMa6uPAeCZ9u |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 4.33 KB |
MD5:
d475628111b55acb2d6f51d7d63ce0fc
SHA1: d3406b242dec21aadf4d22bf0081e1cb3f16bad1 SHA256: 08e281d26de482088c995754b9527febd8a6adc237adb37facc84bf09d04cdb4 SSDeep: 96:6egOtIGx01gBm1l8xOb+OCzIXO/oyGC2JkeheJu/kOAG9q:65OtIGx0eBqls3IXUPGC2J6QFAGg |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
6bad21ca3d6a147d0f74087547e05cf2
SHA1: 8eddf327254810d543080042bda5b3a9330cd58c SHA256: 5135df7268f7d81cda4ad9f86acd079f80d881d68f613b41e2dfc30082d5bf81 SSDeep: 48:cPoS8fm/bNTEmblxAwOvDYDr29ztFjM9dvd2:jSSSbt7xARn9ng9a |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.07 KB |
MD5:
0e63f917202b0a50a5e9f3e4b89ec5c1
SHA1: 820e3d2707ac3a982b2755f695a5b5f1513f13d4 SHA256: 92ffee1431871624b50344dd1ba47f9bea1b95e41454940cbf9ae91ebb613328 SSDeep: 48:m4hjnZ0w9U1jYyU7N9qV3Yh/j/mqfXC1UkqWykGlaOjx9dvdW/:PZmjYyU7HYodT9p4BOF9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 3.36 KB |
MD5:
a2dbcdb6372a01036e7ac274ac0460c0
SHA1: 8b75a06a59d2b972269e40c3e169185b91afb273 SHA256: fe37c967a6e5a99febf2f4072f653d9e77cd99b35b30bcaca994c36c5d21ec2b SSDeep: 96:v36SoR4X9OIb24ZgOf/z6Iv/LsNlcNB098:/XoRG9mOgc/1vzsNlcP0O |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 860.74 KB |
MD5:
c1380e9e8b40b2f217b1b86e6f8d4e9b
SHA1: c7b156fcf805fbd319d09bc01d12b773015ae8c4 SHA256: 5ab4cabe0de06b92a3c5bfbb65b28c548bced74595aeaf5af9556b618570fe3c SSDeep: 24576:qDImuRfdIOHlEZ3mZSidTHvSP7wzLd5/Jr7Zf1ja:qDtbZ3mZ3GKdvr7d0 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 6.51 KB |
MD5:
438096a08addc46d60b6c42689c89f5c
SHA1: 1a9900f517ab94227d07518da51cd11dc21cbfcd SHA256: 215390914060d8aec23d25f49752a734f4a3f1840dd4ab712ea33c4d2ef85d29 SSDeep: 192:lCGSy9N3A4kpxxf3hAgjivA9rVvSTh3X384:EGSy9N3A44ZRYvA9ZaT9XX |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.07 KB |
MD5:
e932d93b18a3081c3f76deb47f9eca0b
SHA1: 167d849fa350c017e01fca99cd65548460a446d9 SHA256: 40c86630414660411a726be96abb92cc4524401dd0a448b4ab8b9c26bae2f024 SSDeep: 48:ePd0VtWSrzedPm+8KGE15ay+pLmGg1xh/ImOjK9dvdW/:Tzec+s+aywmGg1xemOW9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.55 KB |
MD5:
85d5174c0917a7e706ac63a1cd26a51c
SHA1: 55fd97fd36ff2b55ac9efd33e45441d2bb38c6de SHA256: 148857fa3be629ec6fec6a377c1b3df56a4c2c3cd19f7fa543caa1b0f713c28b SSDeep: 48:0k8sdBV47hO9bHrsiDZP3y7JCpO2jCE9dvdW/:0r49bHRByFMmE9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
1708a243e25460d329b92d80df349b62
SHA1: 0b9606d718af44804fe063322d35a234a1d1031c SHA256: 59f61e6c9516a78163bf43465bfd287cf9997928c620f499a30ee480190af35d SSDeep: 48:O3bzS2b5QM+aA0X63FvR9cIbcVEdpCvjcCKEqARvhmKj09dvdW/:O3dQM+DvDdwV8p6jcCbhFA9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
60d2eaf41d635d8ffde6eedf73200a11
SHA1: a0cd3dee4221ad28041e634dec5c88f4cd829806 SHA256: 539f3b3df76588ae97529b02de9540c643fee36dce8572c0208a46e3fdf924e8 SSDeep: 48:K4pavxkrtzR1ZfbYwMaT1wwVkLYPu1AjE9dvdW/:LpGxo7ZfhMaftZo9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.54 KB |
MD5:
5a0b2f9c794b932af8900f94b26aec18
SHA1: cd9683f1237091b7ee784fb13877174a21adcdf7 SHA256: c867415dc9523bc22cc7529f8fcdb79ffa610d9947a7b88d4cfa3438a3f8d9ae SSDeep: 48:phoraIlZaYbd6ZLhtXuXhEiHFCiHQSrANOb5iFzsfOjm9dvdW/:0aIlZlwBhtI2UHQCb0FKOa9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
23e97349737342ffd49be0414106b828
SHA1: d63189b286dbb03b713f74ed64a83871a6ffe3b5 SHA256: 88b55cf8a97597cf4c69a6fb5419859c2dc8b7f6edca6a8da6342348278df5f3 SSDeep: 48:ofM/MV0SwkelKLafI1gN/LJuFsGvQ5aanAcFjIf9dvdI:HMJKKLafIgNDw2vaw90f98 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 16.70 KB |
MD5:
7ee3ee7329fb9423bd3216431ff6f879
SHA1: a88a58c4664661136b06dbfd94b73674a16438be SHA256: 30c10a809f7945a16ae3824c1c49c242362a9b1c0dcc318055a387f076673f48 SSDeep: 384:SFEaVe2rfbVtWHcngoESmqb8oovw8plB5hJ2vbfgDoL8Y8yJFItw:SFHVeOfpEHMtEWbx38p5A0oLWynItw |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 30.60 KB |
MD5:
98254eabb177b7c8ac97f7fe34077afc
SHA1: 13a5cc171245ed89baf2e9e4684793f695b6973a SHA256: c80174fc3bd5d0c42f6c2101e9bc04a4a3ac5de594c72d6053bc887adad71b24 SSDeep: 768:ocr5MqTCCwfQ4cZ+pM+KWCfJXc7nRxHWbw:N+qxuQlyM/WCf2RYM |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.66 KB |
MD5:
7a9d71f6c0ded47c1226d89062fa5ee6
SHA1: 5117674a08f01fcaf4ab8ba6648d17079861fdbf SHA256: 97e08cc08f8c6ce688757e6d1e2748f3f0e41f4426fa980ce7c001a87c0231b1 SSDeep: 48:VpQh90dfykoqIvLjzJYQhXydoIEsdzVb/Y3P8Fj29dvdM:Vpa0dfzgLjzJ0RE2Vxa9Y |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 16.52 KB |
MD5:
3efc9f1e4a4db3f4a26bec0396ca482f
SHA1: 68022ef1e419fdb981360db8144de23376940566 SHA256: 27dcfacbb59d183ec6a8739f8b5a34079a64190d0a35d2357a25efcae73f9c07 SSDeep: 384:25UXnwOxRWZF3hnQjdnXO3TSfonf9qdF8hFzuILRMD6rGnzg5Z+:2wnwOP0bnQjIefgeuhF31M+GB |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.80 KB |
MD5:
60c0bc95c9ef61232244e73433139fd0
SHA1: 63009df67cdbdcedac5e28b46f5d1352ad851566 SHA256: 1d9165ae6726f64425ca806e305debde92bfa89b39e633a4a4bb81cf9846f8c3 SSDeep: 48:JvAlz6tfFSA5oFHzH6LflPRalPLj62U+a5Ojv9dvdW/:JhSA5oFHT6zlmbUb5Oz9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 6.33 KB |
MD5:
5400afae5920fd014b33bfdab0f41995
SHA1: af0a31b5cc4660aa69f1dd134475db41fd6a252f SHA256: eb995ec79c9260ee72b851b2cbb477aa9780c7c920d52e2f3fb13f8047174c8c SSDeep: 192:45uT29UYUrcX9sd+jBIfMEu25qdy4SPDrHg:4a29UEsIBIXky4ag |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 20.33 KB |
MD5:
898bf054041768d4cb67dc206ec2a979
SHA1: 9119c0e9a2eb09e696df87bc48f76f90249af1a5 SHA256: 4ac4c67189a9dfed12b15241c8c2a9f9981164594f98d12c51d25a805623f0a0 SSDeep: 384:xta0bRjqZjCQQmyuoaRRnredBDfFzMLQUw5XYRaqqNMQUo1Mk1eAZpzIU:2sRjqEQQvIhrEhv5Ya5/6UbZpUU |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 8.76 KB |
MD5:
c464adaf86463ec8606dc6da23f616ef
SHA1: 8f87f6c670960741b2342870700c65495cffc144 SHA256: 5eb0411bb37ac28e6c3607c3aa49add15673ee9abd107d2fa51fb898d12caf51 SSDeep: 192:F3BBKjhu5QGK5IF8bd5EciBmA1myVMx/eUI/FLn3ADxkp626XFUXuGUsQhU5+2yb:FR4j7GvFAU9BmA1x2/0/FUDKckQ6/ycC |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 9.51 KB |
MD5:
a132d1e03b9544fba9b3bbbaed43807e
SHA1: e925fd2484280c2b0fd049de88678ff331c18096 SHA256: 841e3c316a3dfcbabdedb468fc8e08a2e5593637f68b773266b5098bb803e07b SSDeep: 192:pqiFx9dIXT8gzc5ioiyyg4dQixX+22THqvyYw/js2oSeaAk3m6:widET8gzcwoJx4dN8lqvyYEg2oSec |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.60 KB |
MD5:
a42f783bf1664a0771932335c151b098
SHA1: fa1b8255437efd6fae299a313f919d46337927c5 SHA256: 7731fb627eb2720f87531215c8cf5649c9e715ba594c881fa097f7bead0d2f1d SSDeep: 48:JnAmqmnZg0X39+KVgnb7k55f6OAhA+YP0+lPQuCl23sJlkzMXyOjF9dvdW/:VvnZLX39RVgkrDAup0YQR0sJlkz5Op9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.03 KB |
MD5:
0a8f797c4995506a51799f96d9ee46cb
SHA1: 56e1806af7d87cd477d84883d395b833b2a7a0ad SHA256: f8c976c665d58e744f764cdc9ef389cb3e0434406992a77b33cc21b8b869d84e SSDeep: 24:pNQ5QGElYzfqWAG4DEg2JUNoljNT0WDGMbPjanit9ddRlT0:jQ57ElUfzSMUNolj2WNbPjOm9dvd0 |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[btcdecoding@qq.com].dqb | 11.43 KB |
MD5:
14b2bf87c81d1a794c20f3065ac28f9f
SHA1: ce536ae2b6795ad562e2bf894f24573f29754996 SHA256: 9f367cfa610a77edd8289c613c02c24660a9b255fe848468c930eb8087040498 SSDeep: 192:45Rdi7ErK0FHHB8VDIQXhNeKSABR6099REYl2papAHU6xN1ooJ87u5BzklZk:6RdRxH+7PLBR68+HTzuc87uvzt |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 8.94 KB |
MD5:
adb23f45ee9d308a78c484acc079851b
SHA1: a75455b3563677f7ea4e8c2a2fbc4c2526d51e47 SHA256: 0a12b14648382604329f5db38b7ffc237306431ad29e4834c9b1093379121a58 SSDeep: 192:TpftUWmth7Hvc5Ls9mwz3kPekL5SvwxvgEq0IUtqk1W+3g:TN9sh7f3kPdLCt9tKK |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.04 KB |
MD5:
2bf43ad4d4881a61ee426cfefd1e9138
SHA1: 6f9c5b2550184b04f93409ca8fe75088f5c47342 SHA256: 19377f305dcd3bb74b649f2e41fe210b27154330669f051f253c7661d8f205d8 SSDeep: 48:vUZ73bVTAcBaJBgpxgpow6Vqojr9gzNLcxc2Z1BS2j/+9dvdW/:vUFrVTAc5xgpotqFBQL02S9q |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 5.97 KB |
MD5:
c87483e34327d43a2e22b0d92f53c73a
SHA1: eb89a1ee55a5594c11420a73c05e3db01de3c4e8 SHA256: 72696d4071bf192b5d0d8086aa75a1b50b814a47f6b775a58526b45340e500dd SSDeep: 96:/KpHnxs+LlS2WxLSXX+coZIUzHKpLhirWAN7dlT4Ob7nKAcMpyS18zOL9q:/KVxhZS2UHs8VN7HTzPnKopyS1dLg |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 865.24 KB |
MD5:
6189aaaa72d1cc61b7c668e037afc56f
SHA1: c2adb4b56e35385b829fc3ac372873b1bd596fc3 SHA256: 284aef45b7fe2d7ea60687e61c49d587ad82b8475c85b10fd433c597377f310c SSDeep: 24576:fI/28+YLU0/vgWBh8GsPcHBzWwI2VOYQ/HIv:fe2MQ0ngWBhxtHtWwI2VQvIv |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 1.99 KB |
MD5:
df2abf1cdf041337661c02eeed5c2f1b
SHA1: f95d370d8359be812b13cdbe963c6219928cf75e SHA256: c96da9029193fd8b6d885c06a4384ed98f817baff1f2115a5a1e75dcb334a10e SSDeep: 48:OgFojqFl25xwYkINGGW0alzlFBcIh2ndw3DA/nWqYBqaFjEL9dvdK:OMoSl2PbGxfFCIwndws/W5gmG9m |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[btcdecoding@qq.com].dqb | 222.21 KB |
MD5:
891017014932641be32860b1c728cb78
SHA1: 42f17e306a9eee0a625f2dd3d77c5a2a7d7467c5 SHA256: 97578596ddbb13c35861c1910acfd91c5c54349d44da7575d97b057e80652095 SSDeep: 6144:PeBGVZf9t2e8yLPeYmK2jl4nQsnXslrJ2Ig/Mdk3/:Pekjf9t2MW1K2jl4QsnXE92IZe3/ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 848.75 KB |
MD5:
97f799d97fdd8ed355fbad7de0c81db9
SHA1: 9cb6d2446e7e9c02766c4a68b226931010063ccb SHA256: 4c1706b69e191826889dd97110f5b22dcb3f2def10f0115a9af33b60bc21abbd SSDeep: 24576:3iF3g3kKmGzbWvx+ADNGMVT8kPH1A4qT9v6:3iF3LG2p+AIcTnXf |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 853.75 KB |
MD5:
966067549838472320c96ec288d6e638
SHA1: 133b824fb222ab924aac68d71d0d4260453b021f SHA256: 1ce5f60fdf0f2c63d0a0deca0fed398dbf8642d2943860612aa50fb084aae798 SSDeep: 24576:Ac1SwueLBHOMZOWLtuFT+xEBc6Oy3xljoWzQC:AzwuIB5O44TGElOyh9oMQC |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[btcdecoding@qq.com].dqb | 1.13 MB |
MD5:
5556be2403070b1c8c7bb2ef601dbfbd
SHA1: d87b8a8ce85832141b58e2fb7ffe3a702d0df6d0 SHA256: 1a1260157bfe8a1f282c80e1d60c23391df0565a902a6da15437a20488e12050 SSDeep: 24576:usN19gyxTYIyWIb0A5szj+57LRvwY7cB0yxB3kA2qldmtBb55u8X4o:usNIyxUWmh5sAR4ZxB3kbZF508X4o |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[btcdecoding@qq.com].dqb | 38.34 KB |
MD5:
09d00a63c849eb0f8761f75fe85b568a
SHA1: c2caf59fb855d307e2c0becc7f5ab4aea412b67a SHA256: 49ea28d5091d37ae95f48f200239d7ffa1d98d58b065055b9cff81f8df7d05b1 SSDeep: 768:AztBzm69rloCdbZiTNhx9AzsPHnNq67EYQKrKwHRNiOc7uCb:Azvx9rlo6Uf0KHnNqDYQKrKwHR06S |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb | 890 bytes |
MD5:
c5242a6b7381aa8a2ccb28fe8da0fe62
SHA1: c68814db9669d3492a2b8857dcee82f34107c7fc SHA256: d67142a85cd4a0f72b9544114f04c98f8c0521f0a5f5394807879a73f863daf5 SSDeep: 24:EVAfiSg10eW7Gs+oS5aCBiFQnQrEzBjaRh9ddRlTK:cS1278H+d6wQrEdjW9dvdK |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 8.60 KB |
MD5:
f5f27091486b1e231e014ba2be32cc8d
SHA1: 08ef0f8e9c83faedf4b02d5eaa2cc714a3d1d764 SHA256: 640f4cdbad9aeb96bd0dca876376a7e99b508e0bf5a4ae913964afe8d451b2f7 SSDeep: 192:W1WwZKHZRzWpeZA6NA6m37xLHZ3GQcyO7k5x5ZnmALADoQbi:uWXZZzA6uZxLEQcyEQx5IIlb |
|
|
| C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[btcdecoding@qq.com].dqb | 2.85 KB |
MD5:
d39c737869a7c5fbd44df03e345e0428
SHA1: 2cfcbf36203757fa3c897722904741f4d9ad23cd SHA256: 555138187c421e77b1853a27b09919bf25caf23b2ad3d4e3345011e3a4aa3c82 SSDeep: 48:TxqORt2Xyo86QEHMrEstES8f2+OOHps/eGcVUCRzwuOHBb7A7DsMYUkjI9dvdw:8ORtwyP6QtvLe2xOHps/eFV2PcKc9U |
|
|
| C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb | 378 bytes |
MD5:
076ccf5e544a5029e1d1a700faf558b7
SHA1: b3eddf44c9d6d3e6afc05c1756e51979be460107 SHA256: 42d20396279e4850e423aaba23d51bf6d4871bca567d639c6a7ceebfdbe4526f SSDeep: 6:IWoffSO5Xmo7y99hzt6qiC2vc91Os6WC5U8GCaiRQ6x3kdxbijEdJlTYl/n:hof6O5X1w96vuOHxjaIQ9ddijqlT6/ |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 3.14 MB |
MD5:
b274ea276caf373d817a0447893f35dd
SHA1: 0ff7e98bcf9e4c4169244abfaf1a573bfb4dd8de SHA256: bb078b8e890475e88f5d4029b56976f3fdb191dc072b4cc5fb2fca18226e7d9a SSDeep: 49152:zDxL8QBo0Tex4S120ytJygsynFdQay0MDt:zR89t14hd1Q |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 3.14 MB |
MD5:
472e107d86ca42b018f9c694807a1431
SHA1: a93bcd3fa1dbcf8075386fc7b6b45198fa9884fe SHA256: 288a3e8b839eb42d6d5271b19dc00fd33eef71fcdff8f15e98af82a017741b6c SSDeep: 49152:zDxL8QBo6Tex4S120ytJyY/09iy1wbcLqnnh:zR89j1/9l1anh |
|
|
| C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 16.94 MB |
MD5:
2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1: f50dbea0bf05e4a4f73abb265fef52fa43db4e07 SHA256: 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4 SSDeep: 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 10.25 MB |
MD5:
a17aadd9b25b6e1d759fa1b5ffd26144
SHA1: dd36b7458d3907619996284c104581ac06d435ba SHA256: b8155e239eb18135ed1152b7c4f462cece8e00ec300d94d9a6a214398b8aca2a SSDeep: 196608:aPUvTYpH9RBl/tus7o4L7tZiTnp/jE4U/bxlLRx+3Xh:MUvTiNhU4L7tZiTnprP0txRs3x |
|
|
| C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 67.85 MB |
MD5:
6b078cbccbab0d5edeaa1d85f11ba58a
SHA1: 66820f091ea72f244d2d2019748cbda0b7b9702d SHA256: 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774 SSDeep: 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT |
|
|
| C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 3.15 MB |
MD5:
0dc90a60651699cca27fc690e9b762c6
SHA1: ea95d370cd324c195d9b61cbf4faaa9132d03647 SHA256: faf46703fb0dfce676987d3a55f77e0bc9873e344cea913a62475c2b3a25bd9d SSDeep: 49152:zDxL8QBonTex4S120ytJyx0jlQctS5Hu5Z1jeiHzgp:zR89K1JeQcthDzgp |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 14.88 MB |
MD5:
0132354deb06c352353675fce278a129
SHA1: 82f447263c0d4d83d398af15034413083edcbc35 SHA256: 8e5451128ff68d309300dd54c2a3bb83f196e6fefb39f1e8d6b7c24b8a6f7307 SSDeep: 196608:TIwm3nNVAl+ig71eZ8FclBElWHEbyLbyo9crpLlR8ioLO0ZF9CrpbQ:OL71eiFge/GHyo2rpLkcoCrpbQ |
|
|
| C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 3.48 MB |
MD5:
eef90f9a1549177711160d6c5d09a774
SHA1: 614232038cb062858d86da170b038d6bd1dbc976 SHA256: 5412562b80c91decb445028269809a876cbf822304cef758cdc712eb97fc7e71 SSDeep: 49152:fHYLL/WoWLljb1R6rOSN20yRJ6gvd/ln0YZYehu:fqLVW6vS1WYZYn |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 42.53 MB |
MD5:
4fb6c079967f604d4b8cdf477caf6de0
SHA1: a8777ca0e49e5d98d01a6b007c7b62b5dffb5b63 SHA256: 9fac05c1ffc4b8060b0a5b942d35cc90c0bff012af1a00a6712c6d03018b083f SSDeep: 196608:MaurJM4k8IMj3kMxfGbWaxJMKMA4JxuiNQG3A2r7rfiSFhysD8uxDxKj:EOn8IQkM2BFEx96G3AUf7FnzKj |
|
|
| C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btcdecoding@qq.com].dqb | 2.35 MB |
MD5:
baf319671584d0ed221df6cd9208915b
SHA1: 1247bd6bee6e70bde0a1a57b3214d335bdb855b9 SHA256: 78e577d1fd317f269a39ad274e541d2fb8db01c9d527eb3d23c4264de5826d7b SSDeep: 24576:nzyc0opacbhmgk5gHL7a35AyjQgz9vzBA4rdeNMF5/ngufpPJ/OmkDmHBABiR:R0opH/cgHa3HRxz+4gI5/nguH/OmYMy8 |
|
|
| C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb | 3.16 MB |
MD5:
576c861107be93707566ca28d1203151
SHA1: 5408cba6bb404ef560df645b1e795e48f96634b8 SHA256: 729d9e817900d6db0d35bd4dc4fe04e8144b9701280124434080a1e05f96bfe7 SSDeep: 49152:zDxL8QBoSTex4S120ytJy27sBIv28yKhxsieQY7HhpZZ:zR89r1Pe23SsiSBpZZ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 11.70 MB |
MD5:
052b4a3aaf24e1879297e0f1408c7662
SHA1: ccf2d2087988828f8117c27f1ec3ccaf4b5b926d SHA256: 6c23fd16b44e1eefdf52ac7ad99a1fc46a9b4b3e77c6643dd26d1ad79a2d1021 SSDeep: 196608:Vf1gRyjQR9g8YYIcjfXontQdQGzFZaGkGdN7p06H1JX/WanfW/OIV0h:V1WbR9YY5AJGBZWGRz1kaza0h |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 13.76 MB |
MD5:
42ac6eff5aa1dad153cb32ec3d616e43
SHA1: 8d8693b1d4aa27f2f48345e6f2e760c5f205d163 SHA256: b8984acb419b90aab0f7fd9addaa90b10847e75aeaabfde74fc133085adf3455 SSDeep: 196608:Yu6eDsIwHBL4B9lCzT2bOgcDuihGYrLpVUBJ/7HAFGtNy6aMhnRTU+:WqsIwHNB26gVE7e/7JNMM5RTU+ |
|
|
| C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 20.84 MB |
MD5:
3d0e1f18676626331ffefafe53b18248
SHA1: 80d370bf723a4b00b769c1a7266d63de82280ab0 SHA256: 9ceac29cec7a9772266c3c6ed68bc7f25dcb38c12c388fe9f21e58890e9cf26f SSDeep: 196608:PFNUxdiOm1j3/abCsYwFOSQo2pWDOQs4hW6s63HS:qPmN3/abtYIQoROQ93RS |
|
|
| C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 3.54 MB |
MD5:
db940dd7cfcb0a309cea7f999879363f
SHA1: 66a24be9ad6541dfea2e63a662e186dd53c194a7 SHA256: 544ef6fad358ebdf591edc61c0ca442106442a82ccf4836de381a3e0944cf979 SSDeep: 98304:zDMUwxyODPFhbY12HLodiF4+5ri4+TgJazj1CKzb:z4UwVthio4tTgJ01CK/ |
|
|
| C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb | 18.75 MB |
MD5:
d0270fa686df7e1fbae95ad8489a5b5a
SHA1: 3d43a29d7087167d3f8e12ec237a8b25599cca07 SHA256: 677ba720e203d1ce322f4a4d6e6e9933c277afc51f1d336e6c7fdd7380a2c263 SSDeep: 98304:llyaDH9kcidg6C9NfjN0+inHftQADI0Ns:iaDH9F7/iHXDI2s |
|
|
Threads
Thread 0xa94
377
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76c31222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76c334b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76c354ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x76c49af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x76c359e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76c34950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x76c31b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x76c3dd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameA, address_out = 0x76c4b6e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x76c3424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76c31700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76c35a4b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76c31136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x76c35371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76c389b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76c3170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77152270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x76c35151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x771522b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x76c34220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x76c4d5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x76c33e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x771645f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x76c3111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x76c34467 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x76c334d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x76c34173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76c31725 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceFrequency, address_out = 0x76c341f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76c311f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x76c4d4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x76c4c860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x76c4ce2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x76c34435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76c314e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77171f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x7715e026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76c314c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address_out = 0x76cb415b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleInformation, address_out = 0x76c4195c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x76c3103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76c33bca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x76c33c5a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x76c31986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76c4d802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x76c35a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x76c35a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76c5735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x76c5896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x76c58baf |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x74d40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x74d5468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x74d546ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x74d514d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x74d5469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x74d54304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x74d5431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x74d4ca64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x74d4ca4c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x74d5369c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x74d67144 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x74d52a86 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumDependentServicesW, address_out = 0x74d41e3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumServicesStatusExW, address_out = 0x74d4b466 |
|
1 | |
| Module | Load | module_name = user32.dll, base_address = 0x74f40000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x74f590d3 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x75fd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x75ff1e46 |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x77130000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x7714fda0 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x74b50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x74b52dd6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x74b52f06 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x74b53058 |
|
1 | |
| Module | Load | module_name = ws2_32.dll, base_address = 0x75bc0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = WSAStartup, address_out = 0x75bc3ab2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = socket, address_out = 0x75bc3eb8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = send, address_out = 0x75bc6f01 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = recv, address_out = 0x75bc6b0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = connect, address_out = 0x75bc6bdd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = closesocket, address_out = 0x75bc3918 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = gethostbyname, address_out = 0x75bd7673 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = inet_addr, address_out = 0x75bc311b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = ntohl, address_out = 0x75bc2d57 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htonl, address_out = 0x75bc2d57 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htons, address_out = 0x75bc2d8b |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15091516722 |
|
1 | |
| System | Get Time | type = Ticks, time = 98389 |
|
3 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_5M390TA, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\syncronize_5M390TA |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_5M390TU, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\syncronize_5M390TU |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ivttvf.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 32767 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Windows\System32\ivttvf.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 1048576, size_out = 94720 |
|
1 | |
| File | Write | filename = C:\Windows\System32\ivttvf.exe, size = 94720 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, value_name = ivttvf.exe, data = C:\Windows\System32\ivttvf.exe, size = 60, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 83, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 1048576, size_out = 94720 |
|
1 | |
| File | Write | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, size = 94720 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 1048576, size_out = 94720 |
|
1 | |
| File | Write | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, size = 94720 |
|
1 | |
| File | Read | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0xa9c, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 65 |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ivttvf.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 32767 |
|
1 | |
| Module | Get Filename | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\ivttvf.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ivttvf.exe, size = 32767 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0xaa4
4044
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
|
For performance reasons, the remaining 496 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xaac
11
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
10 |
Thread 0xab0
111
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 98670 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Get Time | type = Ticks, time = 99060 |
|
1 | |
| System | Get Time | type = Ticks, time = 99341 |
|
1 | |
| System | Get Time | type = Ticks, time = 99653 |
|
1 | |
| System | Get Time | type = Ticks, time = 99856 |
|
2 | |
| System | Get Time | type = Ticks, time = 100261 |
|
1 | |
| System | Get Time | type = Ticks, time = 100761 |
|
1 | |
| System | Get Time | type = Ticks, time = 101307 |
|
2 | |
| System | Get Time | type = Ticks, time = 101915 |
|
1 | |
| System | Get Time | type = Ticks, time = 102305 |
|
1 | |
| System | Get Time | type = Ticks, time = 102586 |
|
2 | |
| System | Get Time | type = Ticks, time = 102882 |
|
1 | |
| System | Get Time | type = Ticks, time = 103397 |
|
1 | |
| System | Get Time | type = Ticks, time = 103974 |
|
2 | |
| System | Get Time | type = Ticks, time = 104271 |
|
1 | |
| System | Get Time | type = Ticks, time = 104707 |
|
1 | |
| System | Get Time | type = Ticks, time = 105097 |
|
2 | |
| System | Get Time | type = Ticks, time = 105347 |
|
1 | |
| System | Get Time | type = Ticks, time = 105503 |
|
1 | |
| System | Get Time | type = Ticks, time = 105737 |
|
1 | |
| System | Get Time | type = Ticks, time = 106174 |
|
2 | |
| System | Get Time | type = Ticks, time = 106564 |
|
1 | |
| System | Get Time | type = Ticks, time = 106923 |
|
1 | |
| System | Get Time | type = Ticks, time = 107344 |
|
2 | |
| System | Get Time | type = Ticks, time = 107531 |
|
1 | |
| System | Get Time | type = Ticks, time = 107843 |
|
1 | |
| System | Get Time | type = Ticks, time = 108139 |
|
1 | |
| System | Get Time | type = Ticks, time = 108451 |
|
2 | |
| System | Get Time | type = Ticks, time = 108904 |
|
1 | |
| System | Get Time | type = Ticks, time = 109200 |
|
1 | |
| System | Get Time | type = Ticks, time = 109481 |
|
2 | |
| System | Get Time | type = Ticks, time = 109918 |
|
1 | |
| System | Get Time | type = Ticks, time = 110105 |
|
1 | |
| System | Get Time | type = Ticks, time = 110292 |
|
1 | |
| System | Get Time | type = Ticks, time = 110526 |
|
2 | |
| System | Get Time | type = Ticks, time = 110916 |
|
1 | |
| System | Get Time | type = Ticks, time = 111197 |
|
1 | |
| System | Get Time | type = Ticks, time = 111634 |
|
2 | |
| System | Get Time | type = Ticks, time = 111868 |
|
1 | |
| System | Get Time | type = Ticks, time = 112398 |
|
1 | |
| System | Get Time | type = Ticks, time = 112960 |
|
2 | |
| System | Get Time | type = Ticks, time = 113443 |
|
1 | |
| System | Get Time | type = Ticks, time = 113787 |
|
1 | |
| System | Get Time | type = Ticks, time = 113896 |
|
1 | |
| System | Get Time | type = Ticks, time = 114255 |
|
2 | |
| System | Get Time | type = Ticks, time = 114457 |
|
1 | |
| System | Get Time | type = Ticks, time = 115378 |
|
2 | |
| System | Get Time | type = Ticks, time = 115596 |
|
1 | |
| System | Get Time | type = Ticks, time = 116158 |
|
1 | |
| System | Get Time | type = Ticks, time = 116532 |
|
2 | |
| System | Get Time | type = Ticks, time = 116969 |
|
1 | |
| System | Get Time | type = Ticks, time = 117531 |
|
1 | |
| System | Get Time | type = Ticks, time = 117687 |
|
2 | |
| System | Get Time | type = Ticks, time = 117889 |
|
1 | |
| System | Get Time | type = Ticks, time = 118077 |
|
1 | |
| System | Get Time | type = Ticks, time = 118357 |
|
1 | |
| System | Get Time | type = Ticks, time = 118779 |
|
2 | |
| System | Get Time | type = Ticks, time = 118935 |
|
1 | |
| System | Get Time | type = Ticks, time = 119418 |
|
1 | |
| System | Get Time | type = Ticks, time = 119777 |
|
1 | |
| System | Get Time | type = Ticks, time = 120198 |
|
2 | |
| System | Get Time | type = Ticks, time = 120370 |
|
1 | |
| System | Get Time | type = Ticks, time = 120853 |
|
1 | |
| System | Get Time | type = Ticks, time = 121150 |
|
1 | |
| System | Get Time | type = Ticks, time = 121509 |
|
2 | |
| System | Get Time | type = Ticks, time = 121743 |
|
1 | |
| System | Get Time | type = Ticks, time = 122008 |
|
1 | |
| System | Get Time | type = Ticks, time = 122835 |
|
2 | |
| System | Get Time | type = Ticks, time = 122975 |
|
1 | |
| System | Get Time | type = Ticks, time = 123162 |
|
1 | |
| System | Get Time | type = Ticks, time = 123256 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 124254 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 125222 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 125378 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 125674 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 126158 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 126969 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 |
Thread 0xab4
110
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 98670 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Get Time | type = Ticks, time = 99060 |
|
1 | |
| System | Get Time | type = Ticks, time = 99310 |
|
1 | |
| System | Get Time | type = Ticks, time = 99653 |
|
1 | |
| System | Get Time | type = Ticks, time = 99856 |
|
2 | |
| System | Get Time | type = Ticks, time = 100246 |
|
1 | |
| System | Get Time | type = Ticks, time = 100761 |
|
1 | |
| System | Get Time | type = Ticks, time = 101307 |
|
2 | |
| System | Get Time | type = Ticks, time = 101915 |
|
1 | |
| System | Get Time | type = Ticks, time = 102305 |
|
1 | |
| System | Get Time | type = Ticks, time = 102586 |
|
2 | |
| System | Get Time | type = Ticks, time = 102882 |
|
1 | |
| System | Get Time | type = Ticks, time = 103397 |
|
1 | |
| System | Get Time | type = Ticks, time = 103974 |
|
2 | |
| System | Get Time | type = Ticks, time = 104271 |
|
1 | |
| System | Get Time | type = Ticks, time = 104707 |
|
1 | |
| System | Get Time | type = Ticks, time = 105097 |
|
2 | |
| System | Get Time | type = Ticks, time = 105347 |
|
1 | |
| System | Get Time | type = Ticks, time = 105503 |
|
1 | |
| System | Get Time | type = Ticks, time = 105737 |
|
1 | |
| System | Get Time | type = Ticks, time = 106174 |
|
2 | |
| System | Get Time | type = Ticks, time = 106517 |
|
1 | |
| System | Get Time | type = Ticks, time = 106923 |
|
1 | |
| System | Get Time | type = Ticks, time = 107344 |
|
2 | |
| System | Get Time | type = Ticks, time = 107531 |
|
1 | |
| System | Get Time | type = Ticks, time = 107843 |
|
1 | |
| System | Get Time | type = Ticks, time = 108139 |
|
1 | |
| System | Get Time | type = Ticks, time = 108451 |
|
2 | |
| System | Get Time | type = Ticks, time = 108904 |
|
1 | |
| System | Get Time | type = Ticks, time = 109200 |
|
1 | |
| System | Get Time | type = Ticks, time = 109481 |
|
2 | |
| System | Get Time | type = Ticks, time = 109918 |
|
1 | |
| System | Get Time | type = Ticks, time = 110105 |
|
1 | |
| System | Get Time | type = Ticks, time = 110292 |
|
1 | |
| System | Get Time | type = Ticks, time = 110526 |
|
2 | |
| System | Get Time | type = Ticks, time = 110916 |
|
1 | |
| System | Get Time | type = Ticks, time = 111197 |
|
1 | |
| System | Get Time | type = Ticks, time = 111634 |
|
2 | |
| System | Get Time | type = Ticks, time = 111868 |
|
1 | |
| System | Get Time | type = Ticks, time = 112398 |
|
1 | |
| System | Get Time | type = Ticks, time = 112960 |
|
2 | |
| System | Get Time | type = Ticks, time = 113443 |
|
1 | |
| System | Get Time | type = Ticks, time = 113787 |
|
1 | |
| System | Get Time | type = Ticks, time = 113896 |
|
1 | |
| System | Get Time | type = Ticks, time = 114255 |
|
2 | |
| System | Get Time | type = Ticks, time = 114457 |
|
1 | |
| System | Get Time | type = Ticks, time = 115378 |
|
2 | |
| System | Get Time | type = Ticks, time = 115596 |
|
1 | |
| System | Get Time | type = Ticks, time = 116127 |
|
1 | |
| System | Get Time | type = Ticks, time = 116532 |
|
2 | |
| System | Get Time | type = Ticks, time = 116782 |
|
1 | |
| System | Get Time | type = Ticks, time = 117219 |
|
1 | |
| System | Get Time | type = Ticks, time = 117624 |
|
2 | |
| System | Get Time | type = Ticks, time = 117889 |
|
1 | |
| System | Get Time | type = Ticks, time = 118077 |
|
1 | |
| System | Get Time | type = Ticks, time = 118357 |
|
1 | |
| System | Get Time | type = Ticks, time = 118779 |
|
2 | |
| System | Get Time | type = Ticks, time = 118935 |
|
1 | |
| System | Get Time | type = Ticks, time = 119418 |
|
1 | |
| System | Get Time | type = Ticks, time = 119777 |
|
1 | |
| System | Get Time | type = Ticks, time = 120214 |
|
2 | |
| System | Get Time | type = Ticks, time = 120822 |
|
1 | |
| System | Get Time | type = Ticks, time = 121134 |
|
1 | |
| System | Get Time | type = Ticks, time = 121509 |
|
2 | |
| System | Get Time | type = Ticks, time = 121743 |
|
1 | |
| System | Get Time | type = Ticks, time = 122008 |
|
1 | |
| System | Get Time | type = Ticks, time = 122835 |
|
2 | |
| System | Get Time | type = Ticks, time = 122975 |
|
1 | |
| System | Get Time | type = Ticks, time = 123162 |
|
1 | |
| System | Get Time | type = Ticks, time = 123256 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 124254 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 125222 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 125378 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 125674 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 126158 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| System | Get Time | type = Ticks, time = 126969 |
|
2 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 |
Thread 0xab8
5537
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, type = size, size_out = 1565 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, size = 1048560, size_out = 1565 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1568 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2296 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 2296 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2304 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, type = size, size_out = 1450 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, size = 1048560, size_out = 1450 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 246 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1886 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1886 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, size = 1888 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 4207 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 4207 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4208 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, type = size, size_out = 1800 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, size = 1048560, size_out = 1800 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1808 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1452 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml, size = 1048560, size_out = 819 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 832 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 244 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, type = size, size_out = 67190 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, size = 1048560, size_out = 67190 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btcdecoding@qq.com].dqb, size = 67200 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 9352 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 9352 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9360 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, type = size, size_out = 1349 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, size = 1048560, size_out = 1349 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1360 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 238 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 4274 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4288 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, type = size, size_out = 6421 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, size = 1048560, size_out = 6421 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6432 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 238 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 16683 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 16683 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 16688 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 4274 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4288 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, type = size, size_out = 31744 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, type = size, size_out = 197120 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, type = size, size_out = 224256 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml, type = size, size_out = 2526 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, size = 1048560, size_out = 819 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 832 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 244 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, type = size, size_out = 1231 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, size = 1048560, size_out = 1231 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1232 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 242 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\InfoPathMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, type = size, size_out = 1852 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, size = 1048560, size_out = 1852 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1856 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\InfoPath.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, type = size, size_out = 596341 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, size = 1048560, size_out = 596341 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 596352 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, type = size, size_out = 71236 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, size = 1048560, size_out = 71236 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 71248 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 226 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OCT.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, type = size, size_out = 5557 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, size = 1048560, size_out = 5557 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5568 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, size = 1048560, size_out = 819 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 832 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 244 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, type = size, size_out = 37689 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, size = 1048560, size_out = 37689 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 37696 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSCONFIG.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, type = size, size_out = 27195 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, size = 1048560, size_out = 27195 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 27200 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10R.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, type = size, size_out = 67190 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, size = 1048560, size_out = 67190 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 67200 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, type = size, size_out = 9352 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, size = 1048560, size_out = 9352 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, type = size, size_out = 1383 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, size = 1048560, size_out = 1383 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1392 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 242 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, type = size, size_out = 4207 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, size = 1048560, size_out = 4207 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4208 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML, type = size, size_out = 1450 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML, size = 1048560, size_out = 1450 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 246 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\PowerPointMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML, type = size, size_out = 1886 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML, size = 1048560, size_out = 1886 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1888 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML, type = size, size_out = 6421 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML, size = 1048560, size_out = 6421 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6432 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\PrjProrWW.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML, type = size, size_out = 1872 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML, size = 1048560, size_out = 1872 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1888 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML, type = size, size_out = 1347 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML, size = 1048560, size_out = 1347 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML, type = size, size_out = 1457 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML, size = 1048560, size_out = 1457 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1472 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.es\Proof.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML, type = size, size_out = 1458 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML, size = 1048560, size_out = 1458 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1472 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proof.fr\Proof.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML, type = size, size_out = 811 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML, size = 1048560, size_out = 811 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 816 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM, type = size, size_out = 11463 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM, size = 1048560, size_out = 11463 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 11472 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML, type = size, size_out = 8918 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML, size = 1048560, size_out = 8918 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8928 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\DATES.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML, type = size, size_out = 1844 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML, size = 1048560, size_out = 1844 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1856 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\PHONE.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, type = size, size_out = 39017 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT, size = 1048560, size_out = 39017 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 39024 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm, type = size, size_out = 255 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg, type = size, size_out = 1074 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg, type = size, size_out = 2575 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif, type = size, size_out = 4587 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif, type = size, size_out = 2319 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini, type = size, size_out = 645 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini, size = 1048560, size_out = 645 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, size = 656 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf, type = size, size_out = 3792 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm, type = size, size_out = 231 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg, type = size, size_out = 23871 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf, type = size, size_out = 5524 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, type = size, size_out = 2985 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, size = 1048560, size_out = 2985 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2992 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF, type = size, size_out = 1363 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF, size = 1048560, size_out = 1363 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1376 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG, type = size, size_out = 20371 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG, size = 1048560, size_out = 20371 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20384 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CASCADE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF, type = size, size_out = 1293 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF, size = 1048560, size_out = 1293 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1296 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG, type = size, size_out = 20575 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG, size = 1048560, size_out = 20575 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20576 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF, type = size, size_out = 1287 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF, size = 1048560, size_out = 1287 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1296 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF, type = size, size_out = 1354 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF, size = 1048560, size_out = 1354 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, type = size, size_out = 32433 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, size = 1048560, size_out = 32433 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 32448 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, size = 1048560, size_out = 5120 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5136 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EVRGREEN\THMBNAIL.PNG, type = size, size_out = 60724 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, size = 1048560, size_out = 60724 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 60736 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, size = 1048560, size_out = 2552 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, size = 1048560, size_out = 1666 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1680 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\PREVIEW.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\THMBNAIL.PNG, type = size, size_out = 19563 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG, size = 1048560, size_out = 19563 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 19568 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG, size = 1048560, size_out = 1423 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1424 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\PREVIEW.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RADIAL\THMBNAIL.PNG, type = size, size_out = 15737 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG, size = 1048560, size_out = 15737 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 15744 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG, size = 1048560, size_out = 3970 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3984 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\PREVIEW.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\REFINED\THMBNAIL.PNG, type = size, size_out = 53115 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG, size = 1048560, size_out = 53115 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 53120 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG, size = 1048560, size_out = 2604 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2608 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\PREVIEW.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\THMBNAIL.PNG, type = size, size_out = 31975 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG, size = 1048560, size_out = 31975 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 31984 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG, size = 1048560, size_out = 4100 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4112 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\PREVIEW.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RIPPLE\THMBNAIL.PNG, type = size, size_out = 47962 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG, size = 1048560, size_out = 47962 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 47968 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RMNSQUE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 29305 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, size = 29312 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 21812 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 21824 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF, size = 1048560, size_out = 42453 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 42464 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1048560, size_out = 174 |
|
1 | |
| File | Write | filename = C:\Program Files\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, size = 176 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\desktop.ini |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, size = 1048560, size_out = 28974 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 28976 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF, type = size, size_out = 6684 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 6684 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6688 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 7686 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7696 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 11891 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 11904 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 517 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 528 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 502 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 512 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 12702 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 12704 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 5375 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5376 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 9248 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9264 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 5016 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5024 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 4390 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4400 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF, type = size, size_out = 3966 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, size = 1048560, size_out = 3966 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3968 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, size = 1048560, size_out = 3378 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3392 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, size = 1048560, size_out = 6632 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6640 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF, type = size, size_out = 2108 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF, size = 1048560, size_out = 2108 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2112 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF, size = 1048560, size_out = 9240 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9248 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF, type = size, size_out = 2344 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF, size = 1048560, size_out = 2344 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2352 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF, size = 1048560, size_out = 6060 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6064 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF, size = 1048560, size_out = 3416 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 3424 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 3144 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3152 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 4296 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4304 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 3228 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3232 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 4808 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4816 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 4996 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5008 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 5004 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5008 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 4870 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4880 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF |
|
1 | |
| File | Get Info | type = size, size_out = 7966 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 7966 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7968 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 13515 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 13520 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 20189 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20192 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 20454 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20464 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 15733 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 15744 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 12982 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 12992 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF, type = size, size_out = 9304 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 9304 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9312 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 4024 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4032 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 1536 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1552 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 2556 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 11500 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 11504 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 2378 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2384 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 5580 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5584 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 1676 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1680 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00444_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 3896 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00444_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3904 |
|
1 | |
|
For performance reasons, the remaining 226 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xabc
2014
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = size, size_out = 75344 |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\memtest.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\memtest.exe, type = size, size_out = 485760 |
|
1 | |
| File | Get Info | filename = C:\Boot\memtest.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\memtest.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\memtest.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\nb-NO\bootmgr.exe.mui, type = size, size_out = 88144 |
|
1 | |
| File | Get Info | filename = C:\Boot\nb-NO\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\nb-NO\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\nb-NO\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\nl-NL\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = C:\Boot\nl-NL\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\nl-NL\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\nl-NL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\pl-PL\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = C:\Boot\pl-PL\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\pl-PL\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\pl-PL\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\pt-BR\bootmgr.exe.mui, type = size, size_out = 90176 |
|
1 | |
| File | Get Info | filename = C:\Boot\pt-BR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\pt-BR\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\pt-BR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\pt-PT\bootmgr.exe.mui, type = size, size_out = 89664 |
|
1 | |
| File | Get Info | filename = C:\Boot\pt-PT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\pt-PT\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\pt-PT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, type = size, size_out = 2513920 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786700 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, type = size, size_out = 14819276 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlkLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, type = size, size_out = 875520 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, size = 1048560, size_out = 875520 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 875536 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, type = size, size_out = 881152 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, size = 1048560, size_out = 881152 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 881168 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, type = size, size_out = 21064532 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab, destination_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, type = size, size_out = 107912 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, size = 1048560, size_out = 107912 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 107920 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\1033\dwintl20.dll |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, type = size, size_out = 526176 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, size = 1048560, size_out = 526176 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 526192 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, type = size, size_out = 519584 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, size = 1048560, size_out = 519584 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, size = 519600 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, type = size, size_out = 3584 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, size = 1048560, size_out = 3584 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3600 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, type = size, size_out = 2517504 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786694 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccessMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab, type = size, size_out = 222948913 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab, destination_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW2.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png, type = size, size_out = 36233052 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, destination_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl, type = size, size_out = 36233052 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, destination_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\pagefile.sys, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, type = size, size_out = 99136 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 99136 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 99152 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE, type = size, size_out = 629664 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE, size = 1048560, size_out = 629664 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, size = 629680 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL, type = size, size_out = 2124664 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT, type = size, size_out = 712592 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT, size = 1048560, size_out = 712592 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 712608 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG, type = size, size_out = 1382 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG, size = 1048560, size_out = 1382 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1392 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui, type = size, size_out = 3584 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui, type = size, size_out = 4096 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe, type = size, size_out = 193024 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui, type = size, size_out = 3584 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui, type = size, size_out = 3584 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui, type = size, size_out = 4096 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 419232 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 419248 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL, type = size, size_out = 154448 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL, size = 1048560, size_out = 154448 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 154464 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ALRTINTL.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL, type = size, size_out = 2528128 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll, type = size, size_out = 105344 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll, size = 1048560, size_out = 105344 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 105360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\xlsrvintl.dll |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL, type = size, size_out = 15800 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL, size = 1048560, size_out = 15800 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 15808 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODDBS.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL, type = size, size_out = 15800 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL, size = 1048560, size_out = 15800 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 15808 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODEXL.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL, type = size, size_out = 15800 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL, size = 1048560, size_out = 15800 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 15808 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODTXT.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL, type = size, size_out = 691616 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL, size = 1048560, size_out = 691616 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 691632 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll, type = size, size_out = 5072816 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786682 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 |
Thread 0xac8
4526
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = size, size_out = 129 |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, size = 1048560, size_out = 129 |
|
1 | |
| File | Write | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, size = 144 |
|
1 | |
| File | Read | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT, type = size, size_out = 65536 |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 1048560, size_out = 65536 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 65552 |
|
1 | |
| File | Read | filename = C:\Boot\BOOTSTAT.DAT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Boot\BOOTSTAT.DAT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Boot\BOOTSTAT.DAT |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = size, size_out = 8192 |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\BOOTSECT.BAK.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\BOOTSECT.BAK.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\BOOTSECT.BAK, size = 1048560, size_out = 8192 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8208 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\BOOTSECT.BAK.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\BOOTSECT.BAK |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, type = size, size_out = 3186 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, size = 1048560, size_out = 3186 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3200 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2424 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 2424 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, size = 2432 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, type = size, size_out = 819 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, size = 1048560, size_out = 819 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 832 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 244 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, type = size, size_out = 16852 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, size = 1048560, size_out = 16852 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 16864 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 20577 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 20577 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20592 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, type = size, size_out = 8723 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, size = 1048560, size_out = 8723 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8736 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, type = size, size_out = 15067 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, size = 1048560, size_out = 15067 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btcdecoding@qq.com].dqb, size = 15072 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.id-9C354B42.[btcdecoding@qq.com].dqb, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, type = size, size_out = 1069 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, size = 1048560, size_out = 1069 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, size = 1072 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, type = size, size_out = 62976 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml, type = size, size_out = 2522 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml, type = size, size_out = 2568 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml, type = size, size_out = 2626 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml, type = size, size_out = 2580 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml, type = size, size_out = 2600 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ADO210.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, size = 786688 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, type = size, size_out = 26929 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, size = 1048560, size_out = 26929 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, size = 26944 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, type = size, size_out = 1606 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, size = 1048560, size_out = 1606 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1616 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\OneNoteMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML, type = size, size_out = 16683 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML, size = 1048560, size_out = 16683 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, size = 16688 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML, type = size, size_out = 6241 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML, size = 1048560, size_out = 6241 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML, size = 6256 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML, type = size, size_out = 20577 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML, size = 1048560, size_out = 20577 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20592 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML, type = size, size_out = 8723 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML, size = 1048560, size_out = 8723 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8736 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 8564 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML, size = 1048560, size_out = 8564 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8576 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf, type = size, size_out = 10340 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg, type = size, size_out = 4222 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, type = size, size_out = 152300 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF, type = size, size_out = 2848 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF, size = 1048560, size_out = 2848 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2864 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG, type = size, size_out = 33009 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG, size = 1048560, size_out = 33009 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 33024 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF, type = size, size_out = 1925 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF, size = 1048560, size_out = 1925 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1936 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG, type = size, size_out = 27407 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG, size = 1048560, size_out = 27407 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 27408 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUEPRNT\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF, type = size, size_out = 3479 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF, size = 1048560, size_out = 3479 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3488 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG, type = size, size_out = 31837 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG, size = 1048560, size_out = 31837 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 31840 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BOLDSTRI\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG, type = size, size_out = 29925 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG, size = 1048560, size_out = 29925 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, size = 29936 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG, type = size, size_out = 25106 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG, size = 1048560, size_out = 25106 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 25120 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF, type = size, size_out = 1347 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF, size = 1048560, size_out = 1347 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF, type = size, size_out = 1347 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG, size = 1048560, size_out = 1347 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF, type = size, size_out = 5179 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF, size = 1048560, size_out = 5179 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5184 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG, type = size, size_out = 33559 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG, size = 1048560, size_out = 33559 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 33568 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\INDUST\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF, type = size, size_out = 2476 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF, size = 1048560, size_out = 2476 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2480 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG, type = size, size_out = 19485 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG, size = 1048560, size_out = 19485 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 19488 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF, type = size, size_out = 1379 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF, size = 1048560, size_out = 1379 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1392 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG, type = size, size_out = 48115 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG, size = 1048560, size_out = 48115 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 48128 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LEVEL\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF, type = size, size_out = 1364 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF, size = 1048560, size_out = 1364 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1376 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG, type = size, size_out = 11573 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG, size = 1048560, size_out = 11573 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, size = 11584 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\NETWORK\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF, type = size, size_out = 3611 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF, size = 1048560, size_out = 3611 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, size = 3616 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 2209 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF, size = 1048560, size_out = 2209 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2224 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SONORA\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF, type = size, size_out = 1675 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF, size = 1048560, size_out = 1675 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1680 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG, type = size, size_out = 18380 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG, size = 1048560, size_out = 18380 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 18384 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STUDIO\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF, type = size, size_out = 4991 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF, size = 1048560, size_out = 4991 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4992 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG, type = size, size_out = 44302 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG, size = 1048560, size_out = 44302 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 44304 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SUMIPNTG\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF, type = size, size_out = 2668 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF, size = 1048560, size_out = 2668 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2672 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config, type = size, size_out = 716 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config, size = 1048560, size_out = 716 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[btcdecoding@qq.com].dqb, size = 720 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.id-9C354B42.[btcdecoding@qq.com].dqb, size = 252 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG, type = size, size_out = 169637 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG, size = 1048560, size_out = 169637 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 169648 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\FPEXT.MSG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Services\verisign.bmp, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Services\verisign.bmp, type = size, size_out = 2702 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Services\verisign.bmp, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Services\verisign.bmp.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Services\verisign.bmp, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\ado\adojavas.inc, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\ado\adojavas.inc, type = size, size_out = 14610 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\ado\adojavas.inc, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\ado\adojavas.inc.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\ado\adojavas.inc, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\ado\adovbs.inc, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\ado\adovbs.inc, type = size, size_out = 14951 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\ado\adovbs.inc, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\ado\adovbs.inc.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\ado\adovbs.inc, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\msadc\adcjavas.inc, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = size, size_out = 630 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\msadc\adcjavas.inc, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\msadc\adcjavas.inc.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\msadc\adcjavas.inc, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png, type = size, size_out = 2820 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png, type = size, size_out = 5088 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv, size = 1048560, size_out = 17248 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 17264 |
|
1 | |
| File | Read | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl, type = size, size_out = 18738 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl, size = 1048560, size_out = 18738 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 18752 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 30948 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl, size = 1048560, size_out = 30948 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 30960 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 8097 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8112 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 1146 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1152 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 7583 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7584 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 6984 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6992 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 13254 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 13264 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 8582 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8592 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 4894 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4896 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 3746 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3760 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 5836 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5840 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 3012 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3024 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 2756 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2768 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 7372 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7376 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 7540 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7552 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 4612 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF, size = 4624 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 24320 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 24336 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 24778 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 24784 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, type = size, size_out = 47996 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF, size = 1048560, size_out = 47996 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 48000 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF, size = 1048560, size_out = 40206 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 40208 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF, type = size, size_out = 47786 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF, size = 1048560, size_out = 47786 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 47792 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 9818 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9824 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 1012 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1024 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 880 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 896 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 4708 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4720 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 5752 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5760 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 9590 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9600 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 4408 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4416 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 6256 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6272 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 19476 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 19488 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 3768 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3776 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 3350 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3360 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, type = size, size_out = 29004 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, size = 1048560, size_out = 29004 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 29008 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, size = 1048560, size_out = 1330 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1344 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, size = 1048560, size_out = 1444 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF, type = size, size_out = 7974 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF, size = 1048560, size_out = 7974 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7984 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 2052 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2064 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 2422 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2432 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 2262 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2272 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 2262 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2272 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 5270 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5280 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 49546 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 49552 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 9992 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 10000 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00687_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 20784 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00687_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20800 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00687_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00687_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 24588 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 24592 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 2226 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF, size = 1048560, size_out = 2226 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2240 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01039_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF, size = 1048560, size_out = 14820 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01039_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 14832 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01039_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01039_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01039_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 3692 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 3692 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3696 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 1888 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1904 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01178_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 3796 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01178_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3808 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01178_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01178_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 2024 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2032 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 2084 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2096 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 2300 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2304 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 3252 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3264 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00010_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 1382 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00010_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1392 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00010_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00010_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00019_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 |
Thread 0xacc
1826
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, type = size, size_out = 2503680 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786702 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, type = size, size_out = 9958388 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PubLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, type = size, size_out = 43806141 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786688 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, type = size, size_out = 885760 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, size = 1048560, size_out = 885760 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 885776 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, type = size, size_out = 868864 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, size = 1048560, size_out = 868864 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 868880 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, type = size, size_out = 873984 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, size = 1048560, size_out = 873984 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 874000 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 242 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, type = size, size_out = 18874884 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, type = size, size_out = 17456632 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OnoteLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, type = size, size_out = 8265165 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786688 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, type = size, size_out = 838536 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, size = 1048560, size_out = 838536 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, size = 838544 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi, type = size, size_out = 3702272 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786694 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = size, size_out = 1992192 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786696 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = size, size_out = 36233052 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, destination_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, type = size, size_out = 1377656 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 329096 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, size = 329104 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png, type = size, size_out = 1463568 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 415008 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 415024 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi, type = size, size_out = 10798080 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi, destination_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786694 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, type = size, size_out = 1377656 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, size = 1048560, size_out = 329096 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 329104 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll, type = size, size_out = 7378792 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll, destination_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786688 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 1377656 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, size = 1048560, size_out = 329096 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 329104 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\setup.exe |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL, type = size, size_out = 1369952 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL, size = 1048560, size_out = 321392 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 321408 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll, type = size, size_out = 1486736 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll, size = 1048560, size_out = 438176 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 438192 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, type = size, size_out = 320384 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, size = 1048560, size_out = 320384 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 320400 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT, type = size, size_out = 73080 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT, size = 1048560, size_out = 73080 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 73088 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL, type = size, size_out = 1831424 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Help\ITIRCL55.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui, type = size, size_out = 26624 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe, type = size, size_out = 378880 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL, type = size, size_out = 198056 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL, size = 1048560, size_out = 198056 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 198064 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEINTL.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL, type = size, size_out = 52656 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL, size = 1048560, size_out = 52656 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 52672 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEODBCI.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL, type = size, size_out = 20944 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL, size = 1048560, size_out = 20944 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20960 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACERECR.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, type = size, size_out = 862608 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 862608 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 862624 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL, type = size, size_out = 41864 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL, size = 1048560, size_out = 41864 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 41872 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSSOAPR3.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL, type = size, size_out = 3213192 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACECORE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL, type = size, size_out = 442272 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL, size = 1048560, size_out = 442272 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 442288 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCH.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL, type = size, size_out = 537504 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL, size = 1048560, size_out = 537504 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 537520 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEOLEDB.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01151_.WMF, type = size, size_out = 318368 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL, size = 1048560, size_out = 318368 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 318384 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWSS.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll, type = size, size_out = 1784192 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 |
Thread 0xad0
5041
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, type = size, size_out = 1450 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, size = 1048560, size_out = 1450 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 244 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, type = size, size_out = 811 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, size = 1048560, size_out = 811 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 816 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proofing.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 5884 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 5884 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5888 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, type = size, size_out = 1383 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, size = 1048560, size_out = 1383 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1392 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 242 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Office32MUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 913 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, size = 1048560, size_out = 913 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 928 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 238 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, type = size, size_out = 596341 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, size = 1048560, size_out = 596341 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 596352 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\branding.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2624 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 2624 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 2640 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 31094 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 31094 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 31104 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, type = size, size_out = 33280 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, type = size, size_out = 222208 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, type = size, size_out = 194048 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, type = size, size_out = 1600388 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, type = size, size_out = 1434 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, type = size, size_out = 212 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml, size = 1048560, size_out = 1941 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1952 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\README.HTM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, size = 1048560, size_out = 1452 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, size = 1048560, size_out = 4274 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4288 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.WW\Office32WW.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, type = size, size_out = 1988 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, size = 1048560, size_out = 1988 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2000 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OneNote.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, type = size, size_out = 3186 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, size = 1048560, size_out = 3186 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3200 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Outlook.en-us\OutlookMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML, size = 1048560, size_out = 1452 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Project.en-us\ProjectMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML, type = size, size_out = 16852 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML, size = 1048560, size_out = 16852 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 16864 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\ProPlusrWW.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML, type = size, size_out = 31094 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML, size = 1048560, size_out = 31094 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 31104 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PROPLUSR\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML, type = size, size_out = 1450 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML, size = 1048560, size_out = 1450 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 244 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\PublisherMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, type = size, size_out = 1608 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, size = 1048560, size_out = 1608 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1616 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 9503 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML, size = 1048560, size_out = 9503 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9504 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Visio.en-us\VisioMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML, type = size, size_out = 2424 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML, size = 1048560, size_out = 2424 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2432 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML, type = size, size_out = 1800 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML, size = 1048560, size_out = 1800 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1808 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.DAT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Word.en-us\WordMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL, type = size, size_out = 227311 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL, size = 1048560, size_out = 227311 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 227312 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\BASMLA.XSL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, type = size, size_out = 1183416 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, size = 1048560, size_out = 134856 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 134864 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\METCONV.TXT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg, type = size, size_out = 237 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg, type = size, size_out = 2209 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf, type = size, size_out = 4192 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf, type = size, size_out = 26036 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg, type = size, size_out = 2950 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm, type = size, size_out = 237 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg, type = size, size_out = 6381 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 1569 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1584 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Publisher.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG, type = size, size_out = 25234 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG, size = 1048560, size_out = 25234 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 25248 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AFTRNOON\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, type = size, size_out = 34916 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG, size = 1048560, size_out = 34916 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 34928 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\AXIS\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF, type = size, size_out = 2181 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF, size = 1048560, size_out = 2181 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2192 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG, type = size, size_out = 20627 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG, size = 1048560, size_out = 20627 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20640 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLENDS\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF, type = size, size_out = 1560 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF, size = 1048560, size_out = 1560 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1568 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, type = size, size_out = 2044 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF, size = 1048560, size_out = 2044 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2048 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF, type = size, size_out = 3957 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF, size = 1048560, size_out = 3957 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3968 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG, type = size, size_out = 33277 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG, size = 1048560, size_out = 33277 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 33280 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, type = size, size_out = 1453 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, size = 1048560, size_out = 1453 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG, type = size, size_out = 32403 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG, size = 1048560, size_out = 32403 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 32416 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG, type = size, size_out = 26402 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG, size = 1048560, size_out = 26402 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 26416 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EDGE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF, type = size, size_out = 1232 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF, size = 1048560, size_out = 1232 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1248 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG, type = size, size_out = 18413 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG, size = 1048560, size_out = 18413 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 18416 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\JOURNAL\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF, type = size, size_out = 1659 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF, size = 1048560, size_out = 1659 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1664 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 44850 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG, size = 1048560, size_out = 44850 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 44864 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF, type = size, size_out = 1339 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF, size = 1048560, size_out = 1339 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1344 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG, type = size, size_out = 16738 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG, size = 1048560, size_out = 16738 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 16752 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PROFILE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF, type = size, size_out = 1439 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF, size = 1048560, size_out = 1439 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1440 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG, type = size, size_out = 37112 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG, size = 1048560, size_out = 37112 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, size = 37120 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\QUAD\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF, type = size, size_out = 937 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF, size = 1048560, size_out = 937 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 944 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SKY\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG, type = size, size_out = 27177 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG, size = 1048560, size_out = 27177 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 27184 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG, type = size, size_out = 33479 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG, size = 1048560, size_out = 33479 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 33488 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM, type = size, size_out = 334427 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM, size = 1048560, size_out = 334427 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 334432 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\FM20.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM, type = size, size_out = 109718 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM, size = 1048560, size_out = 109718 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 109728 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBCN6.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM, type = size, size_out = 944994 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM, size = 1048560, size_out = 944994 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 945008 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBLR6.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc, type = size, size_out = 9804 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png, type = size, size_out = 6431 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 32146 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl, size = 1048560, size_out = 32146 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 32160 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl, type = size, size_out = 39515 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl, size = 1048560, size_out = 39515 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 39520 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl, type = size, size_out = 29790 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl, size = 1048560, size_out = 29790 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 29792 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl, size = 1048560, size_out = 9024 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9040 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl, type = size, size_out = 7216 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF, size = 1048560, size_out = 7216 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7232 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 14873 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 14880 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwdcw20.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 3484 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF, size = 1048560, size_out = 3484 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3488 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF, size = 1048560, size_out = 3140 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3152 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF, type = size, size_out = 12482 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF, size = 1048560, size_out = 12482 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 12496 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF, size = 1048560, size_out = 5253 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5264 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF, size = 1048560, size_out = 2596 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2608 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 3120 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3136 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 3026 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3040 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 4734 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4736 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 5684 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5696 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 20578 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20592 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 10832 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 10848 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 14428 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 14432 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 2636 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2640 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 7668 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7680 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 8492 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8496 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 7804 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7808 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 7804 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7808 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 2016 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2032 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 2492 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 2492 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2496 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 26886 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 26896 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 28948 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 28960 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 11636 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 11648 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 22516 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 22528 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 16180 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, size = 1048560, size_out = 16180 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 16192 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, size = 1048560, size_out = 17236 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 17248 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, size = 1048560, size_out = 16112 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 16128 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, size = 1048560, size_out = 9710 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9712 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF, type = size, size_out = 8772 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF, size = 1048560, size_out = 8772 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8784 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF, size = 1048560, size_out = 14486 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 14496 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF, type = size, size_out = 18304 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF, size = 1048560, size_out = 18304 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 18320 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF, size = 1048560, size_out = 11058 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 11072 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 12520 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 12528 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 10146 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 10160 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 1464 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1472 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 1696 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1712 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 1516 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1520 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 3986 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4000 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 8070 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8080 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, type = size, size_out = 14444 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 14444 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 14448 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 12482 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 12496 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 2644 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2656 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 5272 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5280 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 3016 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3024 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 3780 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3792 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 4164 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4176 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 812 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 816 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 13102 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 13104 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 27050 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 27056 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 6996 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7008 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 8366 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8368 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 4976 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4992 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
|
For performance reasons, the remaining 100 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Thread 0xad4
1974
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, type = size, size_out = 70361744 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, type = size, size_out = 11482605 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab, destination_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, type = size, size_out = 2928955 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\OWOW32LR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, type = size, size_out = 50823389 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, type = size, size_out = 2503680 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786696 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
2 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, size = 262144 |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BLUECALM\PREVIEW.GIF, type = size, size_out = 2507776 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786694 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 655872 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, size = 1048560, size_out = 655872 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 655888 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, type = size, size_out = 868864 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, size = 1048560, size_out = 868864 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 868880 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 244 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, type = size, size_out = 191872 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, size = 1048560, size_out = 191872 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 191888 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab, type = size, size_out = 28016276 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\AccLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = size, size_out = 1463568 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 415008 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 415024 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab, type = size, size_out = 177720283 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab, destination_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 1992192 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786696 |
|
1 | |
| File | Write | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab, type = size, size_out = 162970271 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab, destination_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = size, size_out = 1992192 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi, destination_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786696 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\Office32WW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = size, size_out = 1463568 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 415008 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 415024 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi, type = size, size_out = 12060672 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi, destination_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL, type = size, size_out = 64096 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL, size = 1048560, size_out = 64096 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 64112 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, type = size, size_out = 2557 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, size = 1048560, size_out = 2557 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, type = size, size_out = 543304 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, size = 1048560, size_out = 543304 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, size = 543312 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest, type = size, size_out = 566 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest, size = 1048560, size_out = 566 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, size = 576 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, size = 254 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL, type = size, size_out = 31104 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL, size = 1048560, size_out = 31104 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 31120 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll, type = size, size_out = 1312656 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll, size = 1048560, size_out = 264096 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 264112 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG, type = size, size_out = 6811 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG, size = 1048560, size_out = 6811 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6816 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.CFG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, type = size, size_out = 323936 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT, size = 1048560, size_out = 323936 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 323952 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 241024 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT, size = 1048560, size_out = 241024 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 241040 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT, type = size, size_out = 302976 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT, size = 1048560, size_out = 302976 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 302992 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT, type = size, size_out = 280448 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT, size = 1048560, size_out = 280448 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 280464 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 1257984 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 209424 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 209440 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, type = size, size_out = 11656 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, size = 1048560, size_out = 11656 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 11664 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL, type = size, size_out = 43408 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL, size = 1048560, size_out = 43408 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 43424 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEERR.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL, type = size, size_out = 1012648 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL, size = 1048560, size_out = 1012648 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1012656 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEES.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL, type = size, size_out = 342960 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL, size = 1048560, size_out = 342960 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 342976 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEODBC.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 55744 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL, size = 1048560, size_out = 55744 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 55760 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACERCLR.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01171_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 502168 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL, size = 1048560, size_out = 502168 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 502176 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEXBE.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF, type = size, size_out = 4297568 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.id-9C354B42.[btcdecoding@qq.com].dqb, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL, type = size, size_out = 518984 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL, size = 1048560, size_out = 518984 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 518992 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXPSRV.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, type = size, size_out = 138616 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 138616 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 138624 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\IACOM2.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 |
Thread 0xad8
4110
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1608 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1608 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1616 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, type = size, size_out = 1347 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, size = 1048560, size_out = 1347 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1360 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.en\Proof.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, type = size, size_out = 1457 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, size = 1048560, size_out = 1457 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1472 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, type = size, size_out = 1458 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, size = 1048560, size_out = 1458 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1472 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.fr\Proof.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 2362 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 2362 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2368 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0043-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, type = size, size_out = 1231 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, size = 1048560, size_out = 1231 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1232 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 242 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1852 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1852 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1856 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 6241 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 6241 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6256 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, type = size, size_out = 9503 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, size = 1048560, size_out = 9503 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9504 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, type = size, size_out = 1606 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, size = 1048560, size_out = 1606 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1616 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\OneNoteMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1988 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1988 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2000 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, type = size, size_out = 1452 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, size = 1048560, size_out = 1452 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 1872 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 1872 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1888 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, type = size, size_out = 5557 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, size = 1048560, size_out = 5557 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5568 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 238 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml, type = size, size_out = 27195 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, size = 1048560, size_out = 27195 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btcdecoding@qq.com].dqb, size = 27200 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, type = size, size_out = 596341 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, size = 1048560, size_out = 596341 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 596352 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = size, size_out = 4274 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 4274 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4288 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml.id-9C354B42.[btcdecoding@qq.com].dqb, size = 240 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\Office32WW.xml |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, type = size, size_out = 1061 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, size = 1048560, size_out = 1061 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1072 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, type = size, size_out = 1682 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, size = 1048560, size_out = 1682 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1696 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, type = size, size_out = 791686 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, type = size, size_out = 27045 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, type = size, size_out = 89600 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml, type = size, size_out = 2652 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML, type = size, size_out = 1349 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML, size = 1048560, size_out = 1349 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, size = 1360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, type = size, size_out = 2624 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, size = 1048560, size_out = 2624 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2640 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Access.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, type = size, size_out = 1565 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, size = 1048560, size_out = 1565 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1568 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\ExcelMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, type = size, size_out = 2296 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, size = 1048560, size_out = 2296 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2304 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Excel.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, type = size, size_out = 913 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML, size = 1048560, size_out = 913 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, size = 928 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\Office32MUI.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\OfficeMUISet.XML, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Groove.en-us\GrooveMUI.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, type = size, size_out = 2362 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, size = 1048560, size_out = 2362 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2368 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\PRJPROR\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office32.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML, type = size, size_out = 5884 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML, size = 1048560, size_out = 5884 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5888 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\VISIOR\VisiorWW.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Proofing.en-us\SETUP.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\TIME.XML, type = size, size_out = 2687 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML, size = 1048560, size_out = 2687 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2688 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Smart Tag\LISTS\1033\STOCKS.XML |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm, type = size, size_out = 116724 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg, type = size, size_out = 6406 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf, type = size, size_out = 2920 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf, type = size, size_out = 7498 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\PREVIEW.GIF, type = size, size_out = 235 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG, type = size, size_out = 19780 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG, size = 1048560, size_out = 19780 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 19792 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ARCTIC\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF, type = size, size_out = 2722 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF, size = 1048560, size_out = 2722 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2736 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG, type = size, size_out = 43276 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG, size = 1048560, size_out = 43276 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 43280 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\BREEZE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF, type = size, size_out = 945 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF, size = 1048560, size_out = 945 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 960 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG, type = size, size_out = 32607 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG, size = 1048560, size_out = 32607 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, size = 32608 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CAPSULES\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CANYON\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\EXPEDITN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 28595 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG, size = 1048560, size_out = 28595 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 28608 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\IRIS\THMBNAIL.PNG, type = size, size_out = 18817 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG, size = 1048560, size_out = 18817 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 18832 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ICE\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF, type = size, size_out = 2574 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF, size = 1048560, size_out = 2574 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2576 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG, type = size, size_out = 37440 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG, size = 1048560, size_out = 37440 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 37456 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PAPYRUS\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF, type = size, size_out = 1593 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF, size = 1048560, size_out = 1593 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1600 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 21745 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, size = 1048560, size_out = 21745 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 21760 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\PIXEL\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 34163 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, size = 1048560, size_out = 34163 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 34176 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SATIN\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, type = size, size_out = 1009 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, size = 1048560, size_out = 1009 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1024 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF, type = size, size_out = 2527 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF, size = 1048560, size_out = 2527 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2528 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG, type = size, size_out = 19525 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG, size = 1048560, size_out = 19525 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 19536 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SPRING\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF, type = size, size_out = 1737 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF, size = 1048560, size_out = 1737 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1744 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\STRTEDGE\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF, type = size, size_out = 1571 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF, size = 1048560, size_out = 1571 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1584 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\PREVIEW.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG, type = size, size_out = 30170 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG, size = 1048560, size_out = 30170 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 30176 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATERMAR\THMBNAIL.PNG |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM, type = size, size_out = 72031 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM, size = 1048560, size_out = 72031 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 72032 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBENDF98.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM, type = size, size_out = 58026 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM, size = 1048560, size_out = 58026 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 58032 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBHW6.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM, type = size, size_out = 123956 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM, size = 1048560, size_out = 123956 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 123968 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBOB6.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM, type = size, size_out = 416918 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM, size = 1048560, size_out = 416918 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 416928 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 230 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\1033\VBUI6.CHM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc, type = size, size_out = 9975 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png, type = size, size_out = 24557 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png, type = size, size_out = 4503 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv, type = size, size_out = 869322 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab, type = size, size_out = 34076 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl, size = 1048560, size_out = 34076 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 34080 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 3251 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3264 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\OWOW32WW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 10607 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 10608 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 15308 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 15312 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 5315 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5328 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 4955 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4960 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 5030 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5040 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\PidGenX.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 7072 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7088 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 3344 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3360 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 1596 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1600 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 7968 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7984 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 1832 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1840 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\WATER\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 26332 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 26336 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 27858 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 27872 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 6636 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6640 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 3348 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3360 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 16676 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 16688 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF, type = size, size_out = 26748 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF, size = 1048560, size_out = 26748 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 26752 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF, size = 1048560, size_out = 4924 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4928 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 4066 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4080 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 14540 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 14544 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 20554 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 20560 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 7862 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7872 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\ACEWSTR.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 1736 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1744 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 27552 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 27568 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 1044 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1056 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 2166 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2176 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 1712 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1728 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 3524 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3536 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 42992 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 43008 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 42908 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 42912 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00419_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 712 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00419_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 720 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00419_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00419_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 1932 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1936 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00448_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | size = 1048560, size_out = 2952 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00448_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2960 |
|
1 | |
| File | Read | size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00448_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00448_.WMF |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01162_.WMF, type = size, size_out = 2228 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 2228 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2240 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01167_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 2080 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01167_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2096 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01167_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01167_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 2004 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2016 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01169_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 2020 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01169_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2032 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01169_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01169_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01170_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 2404 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01170_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2416 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01170_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01170_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01171_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 2052 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01171_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2064 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01171_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01171_.WMF |
|
1 |
Thread 0xadc
2202
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76c20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\BCD, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG1, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\BCD.LOG1, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG2, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\BCD.LOG2, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, type = size, size_out = 89168 |
|
1 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui, type = size, size_out = 91712 |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 94800 |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 85056 |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 43600 |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\memtest.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\memtest.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 90192 |
|
1 | |
| File | Get Info | filename = C:\Boot\es-ES\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\es-ES\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 89152 |
|
1 | |
| File | Get Info | filename = C:\Boot\fi-FI\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\fi-FI\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\fi-FI\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 3694080 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\chs_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\chs_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\chs_boot.ttf, destination_filename = C:\Boot\Fonts\chs_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 3876772 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\cht_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\cht_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\cht_boot.ttf, destination_filename = C:\Boot\Fonts\cht_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 1984228 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\jpn_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\jpn_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\jpn_boot.ttf, destination_filename = C:\Boot\Fonts\jpn_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 2371360 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\kor_boot.ttf, destination_filename = C:\Boot\Fonts\kor_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 47452 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 93248 |
|
1 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 90688 |
|
1 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 76352 |
|
1 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, type = size, size_out = 2865664 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786696 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001A-0409-1000-0000000FF1CE}-C\OutlookMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, type = size, size_out = 2522624 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-001B-0409-1000-0000000FF1CE}-C\WordMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.XML, type = size, size_out = 13642474 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab, destination_filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786686 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-002C-0409-1000-0000000FF1CE}-C\Proof.es\Proof.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, type = size, size_out = 3124224 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786698 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0044-0409-1000-0000000FF1CE}-C\InfoPathMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, type = size, size_out = 2797568 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, type = size, size_out = 2511872 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi, destination_filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf, size = 786696 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 4095519 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\LAYERS\THMBNAIL.PNG.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 1857 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, size = 1048560, size_out = 1857 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1872 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.id-9C354B42.[btcdecoding@qq.com].dqb, size = 266 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab, type = size, size_out = 14127746 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab, destination_filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, type = size, size_out = 868864 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, size = 1048560, size_out = 868864 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 868880 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 244 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, type = size, size_out = 174440 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, size = 1048560, size_out = 174440 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 174448 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 226 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, type = size, size_out = 7378792 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll, destination_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786688 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = size, size_out = 715834 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1048560, size_out = 715834 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 715840 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\SLATE\PREVIEW.GIF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 260 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi, type = size, size_out = 27532288 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi, destination_filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786696 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0011-0000-1000-0000000FF1CE}-C\ProPlusrWW.msi.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, type = size, size_out = 174440 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, size = 1048560, size_out = 174440 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 174448 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 226 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, type = size, size_out = 7378792 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll, destination_filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786688 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\osetup.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = size, size_out = 715834 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1048560, size_out = 715834 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, size = 715840 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, size = 260 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, type = size, size_out = 174440 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, size = 1048560, size_out = 174440 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 174448 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe.id-9C354B42.[btcdecoding@qq.com].dqb, size = 226 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\ose.exe |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = size, size_out = 715834 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1048560, size_out = 715834 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, size = 715840 |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms.id-9C354B42.[btcdecoding@qq.com].dqb, size = 260 |
|
1 | |
| File | Delete | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\pkeyconfig-office.xrm-ms |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab, type = size, size_out = 195011319 |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab, destination_filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786692 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\DESIGNER\MSADDNDR.DLL, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 994184 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE, size = 1048560, size_out = 994184 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, size = 994192 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.id-9C354B42.[btcdecoding@qq.com].dqb, size = 228 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP, type = size, size_out = 176311 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP, size = 1048560, size_out = 176311 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[btcdecoding@qq.com].dqb, size = 176320 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF, type = size, size_out = 7656 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF, size = 1048560, size_out = 7656 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7664 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, type = size, size_out = 38768 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 38768 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 38784 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FLT, type = size, size_out = 606062 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 606062 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 606064 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\CGMIMP32.FNT |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM, type = size, size_out = 1908 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM, size = 1048560, size_out = 1908 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1920 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM.id-9C354B42.[btcdecoding@qq.com].dqb, size = 224 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.CGM |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll, type = size, size_out = 430080 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll, size = 1048560, size_out = 430080 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 430096 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL, type = size, size_out = 55680 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL, size = 1048560, size_out = 55680 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 55696 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 250 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.DLL.IDX_DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL, type = size, size_out = 1388416 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL, size = 1048560, size_out = 1048560 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, size = 1048560 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL, size = 1048560, size_out = 339856 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, size = 339872 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\OARPMANR.DLL, size = 252 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL, type = size, size_out = 744888 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL, size = 1048560, size_out = 744888 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 744896 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEDAO.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL, type = size, size_out = 899992 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL, size = 1048560, size_out = 899992 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 900000 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL, type = size, size_out = 451480 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL, size = 1048560, size_out = 451480 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 451488 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACER3X.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL, type = size, size_out = 297360 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL, size = 1048560, size_out = 297360 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 297376 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEREP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 232 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACETXT.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL, type = size, size_out = 3050912 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE, GENERIC_READ |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144, size_out = 262144 |
|
3 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 786690 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ACEWDAT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 262144 |
|
3 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL, type = size, size_out = 385368 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL, size = 1048560, size_out = 385368 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 385376 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_PDF.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\ATLCONV.DLL |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL, type = size, size_out = 71032 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL, size = 1048560, size_out = 71032 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 71040 |
|
1 | |
| File | Read | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\EXP_XPS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 |
Thread 0xaf0
1111
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0xaf4
747
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Process #2: cmd.exe
246
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:30, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xa9c |
| Parent PID | 0xa90 (c:\users\5p5nrgjn0js halpmcxz\desktop\ivttvf.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AA0
|
Threads
Thread 0xaa0
246
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-07-07 23:39:35 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 98811 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 15234611798 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a1e0000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76e30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x76e46d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop, type = file_attributes |
|
2 | |
| Environment | Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 63 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x76e30000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x76e423d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x76e38290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x76e417e0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 38 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\mode.com, os_pid = 0xae8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x76f50000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x76fa14a0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\mode.com, address = 8796092887040, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 38 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\vssadmin.exe, os_pid = 0xaf8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\vssadmin.exe, address = 8796092887040, size = 896 |
|
1 |
Process #3: mode.com
0
0
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\windows\system32\mode.com |
| Command Line | mode con cp select=1251 |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:32, Reason: Child Process |
| Unmonitor | End Time: 00:00:34, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xae8 |
| Parent PID | 0xa9c (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AEC
|
Process #4: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:32, Reason: Child Process |
| Unmonitor | End Time: 00:01:02, Reason: Self Terminated |
| Monitor Duration | 00:00:30 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaf8 |
| Parent PID | 0xa9c (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AFC
0x
B0C
0x
B14
0x
B1C
0x
B20
|
Process #5: vssvc.exe
3
0
| Information | Value |
|---|---|
| ID | #5 |
| File Name | c:\windows\system32\vssvc.exe |
| Command Line | C:\Windows\system32\vssvc.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:42, Reason: RPC Server |
| Unmonitor | End Time: 00:04:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:52 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbbc |
| Parent PID | 0x1cc (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
BD4
0x
BD0
0x
BCC
0x
BC8
0x
BC4
0x
BC0
0x
BD8
0x
BF4
0x
944
0x
2A8
|
Threads
Thread 0xbcc
3
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-07-07 23:39:45 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 109169 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 16418882233 |
|
1 |
Process #9: ivttvf.exe
6508
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\programdata\microsoft\windows\start menu\programs\startup\ivttvf.exe |
| Command Line | "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:19, Reason: Autostart |
| Unmonitor | End Time: 00:04:34, Reason: Terminated by Timeout |
| Monitor Duration | 00:00:15 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4e0 |
| Parent PID | 0x3a8 (c:\windows\system32\audiodg.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
4E4
0x
534
0x
560
0x
564
0x
568
0x
56C
0x
58C
0x
570
0x
660
0x
664
0x
668
0x
66C
0x
674
0x
678
0x
67C
0x
680
0x
684
0x
688
0x
6A4
0x
6A8
|
Threads
Thread 0x4e4
320
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76e31222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76e334b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76e354ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76e34442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x76e49af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x76e359e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76e34950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x76e31b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76e37a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76e35223 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x76e3dd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameA, address_out = 0x76e4b6e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x76e3424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76e31700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76e35a4b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76e31809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76e31136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x76e35371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76e3110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76e389b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76e3170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76e31916 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76e310ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77df2270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76e33ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76e33f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x76e35151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77df22b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x76e34220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x76e4d5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x76e33e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77e045f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x76e3111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76e31410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x76e34467 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x76e334d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x76e34173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76e31725 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceFrequency, address_out = 0x76e341f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76e311f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x76e4d4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x76e4c860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76e31282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76e4c807 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x76e4ce2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x76e34435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76e314e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77e11f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77dfe026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76e314c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address_out = 0x76eb415b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleInformation, address_out = 0x76e4195c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x76e3103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76e33bca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x76e33c5a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x76e31986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76e4d802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x76e35a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x76e35a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76e311c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76e5735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x76e5896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x76e58baf |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x77100000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7711468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x771146ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x771114d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7711469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77114304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7711431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x7710ca64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x7710ca4c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x7711369c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x77127144 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x77112a86 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumDependentServicesW, address_out = 0x77101e3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumServicesStatusExW, address_out = 0x7710b466 |
|
1 | |
| Module | Load | module_name = user32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x760490d3 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x761d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x761f1e46 |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x77dd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77defda0 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x739f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x739f2dd6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x739f2f06 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x739f3058 |
|
1 | |
| Module | Load | module_name = ws2_32.dll, base_address = 0x76f60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = WSAStartup, address_out = 0x76f63ab2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = socket, address_out = 0x76f63eb8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = send, address_out = 0x76f66f01 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = recv, address_out = 0x76f66b0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = connect, address_out = 0x76f66bdd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = closesocket, address_out = 0x76f63918 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = gethostbyname, address_out = 0x76f77673 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = inet_addr, address_out = 0x76f6311b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = ntohl, address_out = 0x76f62d57 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htonl, address_out = 0x76f62d57 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htons, address_out = 0x76f62d8b |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 6829334258 |
|
1 | |
| System | Get Time | type = Ticks, time = 25053 |
|
3 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_5M390TA, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\syncronize_5M390TA |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_5M390TU, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Create | mutex_name = Global\syncronize_5M390TU |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\ivttvf.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, size = 32767 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Windows\System32\ivttvf.exe, desired_access = GENERIC_WRITE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ivttvf.exe, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, size = 1048576, size_out = 94720 |
|
1 | |
| File | Write | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ivttvf.exe, size = 94720 |
|
1 | |
| File | Read | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, size = 1048576, size_out = 0 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, value_name = ivttvf.exe, data = 6417656, size = 112, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
1 | |
| Registry | Write Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value_name = ivttvf.exe, data = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\ivttvf.exe, size = 112, type = REG_SZ |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = 83, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Startup, data = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, desired_access = GENERIC_WRITE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, value_name = Common Startup, data = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup, type = REG_EXPAND_SZ |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ |
|
1 | |
| File | Create | filename = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, desired_access = GENERIC_WRITE |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| File | Create Pipe | pipe_name = Anonymous read pipe, size = 0 |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\cmd.exe, os_pid = 0x540, startup_flags = STARTF_USESHOWWINDOW, STARTF_USESTDHANDLES, show_window = SW_HIDE |
|
1 | |
| File | Write | size = 65 |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\ivttvf.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, size = 32767 |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\ivttvf.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, size = 32767 |
|
1 | |
| System | Sleep | duration = -1 (infinite) |
|
1 |
Thread 0x560
882
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Service | Enumerate | database_name = SERVICES_ACTIVE_DATABASE |
|
1 | |
| Process | Enumerate Processes | - |
|
2 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| Process | Enumerate Processes | - |
|
1 | |
| System | Sleep | duration = 500 milliseconds (0.500 seconds) |
|
1 | |
| Service | Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
Thread 0x564
6
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| Module | Get Filename | process_name = c:\programdata\microsoft\windows\start menu\programs\startup\ivttvf.exe, file_name_orig = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, size = 32767 |
|
1 | |
| Process | Create | process_name = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe, show_window = SW_SHOWNORMAL |
|
1 |
Thread 0x568
27
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
26 |
Thread 0x56c
38
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 29764 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Get Time | type = Ticks, time = 30326 |
|
1 | |
| System | Get Time | type = Ticks, time = 30622 |
|
1 | |
| System | Get Time | type = Ticks, time = 31044 |
|
2 | |
| System | Get Time | type = Ticks, time = 31434 |
|
1 | |
| System | Get Time | type = Ticks, time = 31824 |
|
1 | |
| System | Get Time | type = Ticks, time = 32417 |
|
2 | |
| System | Get Time | type = Ticks, time = 32744 |
|
1 | |
| System | Get Time | type = Ticks, time = 33072 |
|
1 | |
| System | Get Time | type = Ticks, time = 33212 |
|
1 | |
| System | Get Time | type = Ticks, time = 33384 |
|
1 | |
| System | Get Time | type = Ticks, time = 33587 |
|
2 | |
| System | Get Time | type = Ticks, time = 33743 |
|
1 | |
| System | Get Time | type = Ticks, time = 33977 |
|
1 | |
| System | Get Time | type = Ticks, time = 34226 |
|
1 | |
| System | Get Time | type = Ticks, time = 34367 |
|
1 | |
| System | Get Time | type = Ticks, time = 34601 |
|
2 | |
| System | Get Time | type = Ticks, time = 34710 |
|
1 | |
| System | Get Time | type = Ticks, time = 34835 |
|
1 | |
| System | Get Time | type = Ticks, time = 34959 |
|
1 | |
| System | Get Time | type = Ticks, time = 35069 |
|
1 | |
| System | Get Time | type = Ticks, time = 35193 |
|
1 | |
| System | Get Time | type = Ticks, time = 35318 |
|
1 | |
| System | Get Time | type = Ticks, time = 35552 |
|
1 | |
| System | Get Time | type = Ticks, time = 35661 |
|
2 | |
| System | Get Time | type = Ticks, time = 35771 |
|
1 | |
| System | Get Time | type = Ticks, time = 35864 |
|
1 | |
| System | Get Time | type = Ticks, time = 35989 |
|
1 | |
| System | Get Time | type = Ticks, time = 36270 |
|
1 |
Thread 0x570
38
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = Ticks, time = 29936 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Get Time | type = Ticks, time = 30357 |
|
1 | |
| System | Get Time | type = Ticks, time = 30622 |
|
1 | |
| System | Get Time | type = Ticks, time = 31028 |
|
1 | |
| System | Get Time | type = Ticks, time = 31044 |
|
1 | |
| System | Get Time | type = Ticks, time = 31418 |
|
1 | |
| System | Get Time | type = Ticks, time = 31824 |
|
1 | |
| System | Get Time | type = Ticks, time = 32417 |
|
2 | |
| System | Get Time | type = Ticks, time = 32744 |
|
1 | |
| System | Get Time | type = Ticks, time = 33072 |
|
1 | |
| System | Get Time | type = Ticks, time = 33212 |
|
1 | |
| System | Get Time | type = Ticks, time = 33384 |
|
1 | |
| System | Get Time | type = Ticks, time = 33587 |
|
2 | |
| System | Get Time | type = Ticks, time = 33743 |
|
1 | |
| System | Get Time | type = Ticks, time = 33977 |
|
1 | |
| System | Get Time | type = Ticks, time = 34226 |
|
1 | |
| System | Get Time | type = Ticks, time = 34367 |
|
1 | |
| System | Get Time | type = Ticks, time = 34601 |
|
2 | |
| System | Get Time | type = Ticks, time = 34710 |
|
1 | |
| System | Get Time | type = Ticks, time = 34835 |
|
1 | |
| System | Get Time | type = Ticks, time = 34959 |
|
1 | |
| System | Get Time | type = Ticks, time = 35069 |
|
1 | |
| System | Get Time | type = Ticks, time = 35193 |
|
1 | |
| System | Get Time | type = Ticks, time = 35318 |
|
1 | |
| System | Get Time | type = Ticks, time = 35552 |
|
1 | |
| System | Get Time | type = Ticks, time = 35661 |
|
2 | |
| System | Get Time | type = Ticks, time = 35771 |
|
1 | |
| System | Get Time | type = Ticks, time = 35864 |
|
1 | |
| System | Get Time | type = Ticks, time = 35989 |
|
1 | |
| System | Get Time | type = Ticks, time = 36270 |
|
1 |
Thread 0x660
604
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = size, size_out = 129 |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\bootex.log, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = size, size_out = 5120 |
|
1 | |
| File | Get Info | filename = C:\bootex.log, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\bootex.log.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\bootex.log, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\bootex.log.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\bootex.log, size = 1048560, size_out = 5120 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, size = 5136 |
|
1 | |
| File | Read | filename = C:\bootex.log, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, size = 232 |
|
1 | |
| File | Delete | filename = C:\bootex.log |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, type = size, size_out = 197120 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, type = size, size_out = 222208 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, type = size, size_out = 194048 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, type = size, size_out = 1600388 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, type = size, size_out = 1434 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, type = size, size_out = 212 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png, type = size, size_out = 2978 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png, type = size, size_out = 3133 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png, type = size, size_out = 3518 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 3119 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID, size = 1048560, size_out = 2700 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2704 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF, type = size, size_out = 6780 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF, size = 1048560, size_out = 6780 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6784 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID, type = size, size_out = 7944 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF, size = 1048560, size_out = 7944 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7952 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF, type = size, size_out = 17850 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF, size = 1048560, size_out = 17850 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 17856 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00076_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 |
Thread 0x664
355
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\bootsqm.dat, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, type = size, size_out = 3264 |
|
1 | |
| File | Get Info | filename = C:\bootsqm.dat, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\bootsqm.dat.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\bootsqm.dat, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\bootsqm.dat.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\bootsqm.dat, size = 1048560, size_out = 3264 |
|
1 | |
| File | Write | filename = C:\bootsqm.dat.id-9C354B42.[btcdecoding@qq.com].dqb, size = 3280 |
|
1 | |
| File | Read | filename = C:\bootsqm.dat, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\bootsqm.dat.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\bootsqm.dat |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi, type = size, size_out = 33280 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, type = size, size_out = 224256 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM, type = size, size_out = 3166 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml, type = size, size_out = 804 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml, type = size, size_out = 488 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml, type = size, size_out = 617 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 1448 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1456 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 13936 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 |
Thread 0x668
691
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\bootsqm.dat.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 27045 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, type = size, size_out = 62976 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml, type = size, size_out = 247 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml, type = size, size_out = 209 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, type = size, size_out = 1437 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml, type = size, size_out = 219 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml, type = size, size_out = 924 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml, type = size, size_out = 215 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml, type = size, size_out = 749 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml, type = size, size_out = 1166 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png, type = size, size_out = 153 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png, type = size, size_out = 3819 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv, type = size, size_out = 5477696 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv, type = size, size_out = 5749696 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv, type = size, size_out = 1829606 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv, type = size, size_out = 1837606 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv, type = size, size_out = 1589606 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv, type = size, size_out = 1613606 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv, type = size, size_out = 6717684 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 6765684 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00202_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 6938 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00202_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6944 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00202_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 |
Thread 0x66c
731
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\bootex.log.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 791686 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, type = size, size_out = 89600 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi, type = size, size_out = 31744 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM, type = size, size_out = 3161 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml, type = size, size_out = 738 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, type = size, size_out = 471 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv, type = size, size_out = 157292 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv, type = size, size_out = 149292 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png, type = size, size_out = 4503 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png, type = size, size_out = 1551 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png, type = size, size_out = 19477 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png, type = size, size_out = 52251 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png, type = size, size_out = 27964 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png, type = size, size_out = 3808 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\msdbg2.dll, type = size, size_out = 3810 |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv, destination_filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF, size = 1048560, size_out = 6958 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6960 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF, type = size, size_out = 12356 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF, size = 1048560, size_out = 12356 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 12368 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF, type = size, size_out = 2280 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF, size = 1048560, size_out = 2280 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 2288 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF, type = size, size_out = 736 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 736 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 752 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF, type = size, size_out = 17308 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF, type = file_attributes |
|
1 |
Thread 0x674
512
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\BCD, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui, type = size, size_out = 87616 |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\da-DK\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\da-DK\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui, type = size, size_out = 91712 |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\de-DE\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\de-DE\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = size, size_out = 94800 |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\el-GR\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\el-GR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\bootmgr.exe.mui, type = size, size_out = 85056 |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\en-US\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\memtest.exe.mui, type = size, size_out = 43600 |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\memtest.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\en-US\memtest.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\en-US\memtest.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\es-ES\bootmgr.exe.mui, type = size, size_out = 90192 |
|
1 | |
| File | Get Info | filename = C:\Boot\es-ES\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\es-ES\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\es-ES\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\chs_boot.ttf, destination_filename = C:\Boot\Fonts\chs_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\cht_boot.ttf, destination_filename = C:\Boot\Fonts\cht_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\ie8props.propdesc, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv, type = size, size_out = 2649 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\ie8props.propdesc, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\ie8props.propdesc.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\ie8props.propdesc, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 14872 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 14880 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 238 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
11 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID, type = size, size_out = 6970 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 6970 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF, size = 6976 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 4846 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID, size = 1048560, size_out = 4846 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 4848 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID, type = size, size_out = 9318 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID, size = 1048560, size_out = 9318 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9328 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID, type = size, size_out = 7567 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID, size = 1048560, size_out = 7567 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7568 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 |
Thread 0x678
249
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Thread 0x67c
445
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG1, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\es-ES\bootmgr.exe.mui, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\jpn_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\bootex.log.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 1984228 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\jpn_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\jpn_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\jpn_boot.ttf, destination_filename = C:\Boot\Fonts\jpn_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml, type = size, size_out = 486 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\COMPASS\COMPASS.INF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF, type = size, size_out = 569 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\RICEPAPR\RICEPAPR.INF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
3 | |
| File | Create | filename = C:\Program Files\Internet Explorer\hmmapi.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 52736 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\hmmapi.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\hmmapi.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\hmmapi.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\called.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 75776 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\called.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\called.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\called.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
11 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID, type = size, size_out = 7384 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID, size = 1048560, size_out = 7384 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7392 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID, type = size, size_out = 12981 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID, size = 1048560, size_out = 12981 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 12992 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID, type = size, size_out = 9797 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID, size = 1048560, size_out = 9797 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9808 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID, type = size, size_out = 5843 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID, size = 1048560, size_out = 5843 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JNGLE_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5856 |
|
1 |
Thread 0x680
806
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\BCD.LOG2, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\es-ES\bootmgr.exe.mui, type = size, size_out = 0 |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\kor_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf, type = size, size_out = 2371360 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Move | source_filename = C:\Boot\Fonts\kor_boot.ttf, destination_filename = C:\Boot\Fonts\kor_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui, type = size, size_out = 93248 |
|
1 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\fr-FR\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\fr-FR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui, type = size, size_out = 90688 |
|
1 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\hu-HU\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\hu-HU\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui, type = size, size_out = 90704 |
|
1 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\it-IT\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\it-IT\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui, type = size, size_out = 76352 |
|
1 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\ja-JP\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\ja-JP\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = size, size_out = 75344 |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\ko-KR\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll, destination_filename = C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\IACOM2.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\IACOM2.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSORES.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSORES.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OSETUP.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\OSETUP.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\PRJRES.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\PRJRES.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RICHED20.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RICHED20.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE, destination_filename = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\iecompat.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv, type = size, size_out = 7680 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\iecompat.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\iecompat.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\iecompat.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\iexplore.exe, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\iexplore.exe, type = size, size_out = 695056 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\iexplore.exe, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\iexplore.exe.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\iexplore.exe, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\jsdbgui.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsdbgui.dll, type = size, size_out = 505344 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsdbgui.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsdbgui.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\jsdbgui.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\jsdebuggeride.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsdebuggeride.dll, type = size, size_out = 144896 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsdebuggeride.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsdebuggeride.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\jsdebuggeride.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\JSProfilerCore.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\JSProfilerCore.dll, type = size, size_out = 132096 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\JSProfilerCore.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\JSProfilerCore.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\JSProfilerCore.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\jsprofilerui.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsprofilerui.dll, type = size, size_out = 287744 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsprofilerui.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\jsprofilerui.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\jsprofilerui.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\msdbg2.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\msdbg2.dll, type = size, size_out = 358904 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\msdbg2.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\msdbg2.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\msdbg2.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll, destination_filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmdlocal.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll, destination_filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msmgdsrv.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll, destination_filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\msolap100.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Internet Explorer\msdbg2.dll, size = 1048560, size_out = 666456 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 666464 |
|
1 | |
| File | Read | filename = C:\Program Files\Internet Explorer\msdbg2.dll, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
12 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 6165 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 6165 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6176 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID, type = size, size_out = 6331 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID, size = 1048560, size_out = 6331 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6336 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 234 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID, type = size, size_out = 7178 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID, size = 1048560, size_out = 7178 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 7184 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID, type = size, size_out = 8568 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID, size = 1048560, size_out = 8568 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 8576 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 |
Thread 0x684
555
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Get Handle | module_name = c:\windows\syswow64\kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Wow64DisableWow64FsRedirection, address_out = 0x76e4d650 |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
1 | |
| File | Create | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\kor_boot.ttf, type = size, size_out = 89168 |
|
1 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\cs-CZ\bootmgr.exe.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\cs-CZ\bootmgr.exe.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Boot\ko-KR\bootmgr.exe.mui, type = size, size_out = 47452 |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Boot\Fonts\wgl4_boot.ttf.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Boot\Fonts\wgl4_boot.ttf, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| System | Sleep | duration = 100 milliseconds (0.100 seconds) |
|
2 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml, type = size, size_out = 45528 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\CONCRETE\CONCRETE.ELM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM, type = size, size_out = 71388 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.ELM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF, type = size, size_out = 569 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\DEEPBLUE\DEEPBLUE.INF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM, type = size, size_out = 45262 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.ELM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF, type = size, size_out = 503 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECHO\ECHO.INF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM, type = size, size_out = 118577 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.ELM, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF, type = size, size_out = 595 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Common Files\Microsoft Shared\THEMES14\ECLIPSE\ECLIPSE.INF, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS, destination_filename = C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\ARFR\MSB1ARFR.ITS.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX, destination_filename = C:\Program Files\Common Files\Microsoft Shared\TRANSLAT\MSB1AR.LEX.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\VBA\VBA7\VBE7.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL, destination_filename = C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\FPSRVUTL.DLL.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\DVDMaker.exe, destination_filename = C:\Program Files\DVD Maker\DVDMaker.exe.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\OmdBase.dll, destination_filename = C:\Program Files\DVD Maker\OmdBase.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\OmdProject.dll, destination_filename = C:\Program Files\DVD Maker\OmdProject.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\Pipeline.dll, destination_filename = C:\Program Files\DVD Maker\Pipeline.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Move | source_filename = C:\Program Files\DVD Maker\PipeTran.dll, destination_filename = C:\Program Files\DVD Maker\PipeTran.dll.id-9C354B42.[btcdecoding@qq.com].dqb |
|
1 | |
| File | Get Info | filename = C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png, type = size, size_out = 7168 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\iedvtool.dll, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.id-9C354B42.[btcdecoding@qq.com].dqb, type = size, size_out = 1013248 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\iedvtool.dll, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Internet Explorer\iedvtool.dll.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Internet Explorer\iedvtool.dll, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CARBN_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 9322 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CARBN_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 9328 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CARBN_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CARBN_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF, type = size, size_out = 10562 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 10562 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF, size = 10576 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF.id-9C354B42.[btcdecoding@qq.com].dqb, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF, type = size, size_out = 6880 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID, size = 1048560, size_out = 6880 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 6896 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 | |
| File | Delete | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\MUSIC_01.MID |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID, desired_access = GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID, type = size, size_out = 5968 |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, type = file_attributes |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID, desired_access = GENERIC_WRITE, GENERIC_READ, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| File | Create | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, desired_access = GENERIC_WRITE |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID, size = 1048560, size_out = 5968 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 5984 |
|
1 | |
| File | Read | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID, size = 1048560, size_out = 0 |
|
1 | |
| File | Write | filename = C:\Program Files\Microsoft Office\CLIPART\PUB60COR\NBOOK_01.MID.id-9C354B42.[btcdecoding@qq.com].dqb, size = 236 |
|
1 |
Thread 0x688
249
0
| Category | Operation | Information | Success | Count | Logfile |
|---|
Process #10: ivttvf.exe
111
0
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\ivttvf.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ivttvf.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:19, Reason: Autostart |
| Unmonitor | End Time: 00:04:25, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x4e8 |
| Parent PID | 0x3a8 (c:\windows\system32\audiodg.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
4EC
|
Threads
Thread 0x4ec
111
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Module | Load | module_name = kernel32.dll, base_address = 0x76e20000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcAddress, address_out = 0x76e31222 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleHandleW, address_out = 0x76e334b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindNextFileW, address_out = 0x76e354ee |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindClose, address_out = 0x76e34442 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = MoveFileW, address_out = 0x76e49af0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileSizeEx, address_out = 0x76e359e2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetModuleFileNameW, address_out = 0x76e34950 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetFileAttributesW, address_out = 0x76e31b18 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExitProcess, address_out = 0x76e37a10 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCommandLineW, address_out = 0x76e35223 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameW, address_out = 0x76e3dd0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetComputerNameA, address_out = 0x76e4b6e0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateMutexW, address_out = 0x76e3424c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenW, address_out = 0x76e31700 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrlenA, address_out = 0x76e35a4b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcess, address_out = 0x76e31809 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForSingleObject, address_out = 0x76e31136 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLogicalDrives, address_out = 0x76e35371 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetTickCount, address_out = 0x76e3110c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteFileW, address_out = 0x76e389b3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WideCharToMultiByte, address_out = 0x76e3170d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = InitializeCriticalSectionAndSpinCount, address_out = 0x76e31916 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Sleep, address_out = 0x76e310ff |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = LeaveCriticalSection, address_out = 0x77df2270 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReadFile, address_out = 0x76e33ed3 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateFileW, address_out = 0x76e33f5c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenMutexW, address_out = 0x76e35151 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = EnterCriticalSection, address_out = 0x77df22b0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WaitForMultipleObjects, address_out = 0x76e34220 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiW, address_out = 0x76e4d5cd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = lstrcmpiA, address_out = 0x76e33e8e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = DeleteCriticalSection, address_out = 0x77e045f5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ReleaseMutex, address_out = 0x76e3111e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CloseHandle, address_out = 0x76e31410 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVersion, address_out = 0x76e34467 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateThread, address_out = 0x76e334d5 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = ExpandEnvironmentStringsW, address_out = 0x76e34173 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceCounter, address_out = 0x76e31725 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = QueryPerformanceFrequency, address_out = 0x76e341f0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetCurrentProcessId, address_out = 0x76e311f8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFileAttributesW, address_out = 0x76e4d4f7 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetVolumeInformationW, address_out = 0x76e4c860 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = WriteFile, address_out = 0x76e31282 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetFilePointerEx, address_out = 0x76e4c807 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetEndOfFile, address_out = 0x76e4ce2e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = FindFirstFileW, address_out = 0x76e34435 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetProcessHeap, address_out = 0x76e314e9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapReAlloc, address_out = 0x77e11f6e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapAlloc, address_out = 0x77dfe026 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = HeapFree, address_out = 0x76e314c9 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreatePipe, address_out = 0x76eb415b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SetHandleInformation, address_out = 0x76e4195c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateProcessW, address_out = 0x76e3103d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringW, address_out = 0x76e33bca |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CompareStringA, address_out = 0x76e33c5a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = OpenProcess, address_out = 0x76e31986 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = TerminateProcess, address_out = 0x76e4d802 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetSystemTime, address_out = 0x76e35a96 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = SystemTimeToFileTime, address_out = 0x76e35a7e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = GetLastError, address_out = 0x76e311c0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = CreateToolhelp32Snapshot, address_out = 0x76e5735f |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32NextW, address_out = 0x76e5896c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\kernel32.dll, function = Process32FirstW, address_out = 0x76e58baf |
|
1 | |
| Module | Load | module_name = advapi32.dll, base_address = 0x77100000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegOpenKeyExW, address_out = 0x7711468d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegQueryValueExW, address_out = 0x771146ad |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegSetValueExW, address_out = 0x771114d6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = RegCloseKey, address_out = 0x7711469d |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenProcessToken, address_out = 0x77114304 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = GetTokenInformation, address_out = 0x7711431c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenSCManagerW, address_out = 0x7710ca64 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = OpenServiceW, address_out = 0x7710ca4c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = CloseServiceHandle, address_out = 0x7711369c |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = ControlService, address_out = 0x77127144 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = QueryServiceStatus, address_out = 0x77112a86 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumDependentServicesW, address_out = 0x77101e3a |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\advapi32.dll, function = EnumServicesStatusExW, address_out = 0x7710b466 |
|
1 | |
| Module | Load | module_name = user32.dll, base_address = 0x76030000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\user32.dll, function = SystemParametersInfoW, address_out = 0x760490d3 |
|
1 | |
| Module | Load | module_name = Shell32.dll, base_address = 0x761d0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\shell32.dll, function = ShellExecuteExW, address_out = 0x761f1e46 |
|
1 | |
| Module | Load | module_name = ntdll.dll, base_address = 0x77dd0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ntdll.dll, function = NtQuerySystemInformation, address_out = 0x77defda0 |
|
1 | |
| Module | Load | module_name = mpr.dll, base_address = 0x739f0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetCloseEnum, address_out = 0x739f2dd6 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetOpenEnumW, address_out = 0x739f2f06 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\mpr.dll, function = WNetEnumResourceW, address_out = 0x739f3058 |
|
1 | |
| Module | Load | module_name = ws2_32.dll, base_address = 0x76f60000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = WSAStartup, address_out = 0x76f63ab2 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = socket, address_out = 0x76f63eb8 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = send, address_out = 0x76f66f01 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = recv, address_out = 0x76f66b0e |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = connect, address_out = 0x76f66bdd |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = closesocket, address_out = 0x76f63918 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = gethostbyname, address_out = 0x76f77673 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = inet_addr, address_out = 0x76f6311b |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = ntohl, address_out = 0x76f62d57 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htonl, address_out = 0x76f62d57 |
|
1 | |
| Module | Get Address | module_name = c:\windows\syswow64\ws2_32.dll, function = htons, address_out = 0x76f62d8b |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 6830337762 |
|
1 | |
| System | Get Time | type = Ticks, time = 25069 |
|
3 | |
| System | Get Info | type = Operating System |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_5M390TA, desired_access = SYNCHRONIZE |
|
1 | |
| Mutex | Open | mutex_name = Global\syncronize_5M390TU, desired_access = SYNCHRONIZE |
|
1 | |
| System | Get Info | type = Operating System |
|
1 |
Process #11: cmd.exe
281
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\system32\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:24, Reason: Child Process |
| Unmonitor | End Time: 00:04:33, Reason: Self Terminated |
| Monitor Duration | 00:00:09 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x540 |
| Parent PID | 0x4e0 (c:\programdata\microsoft\windows\start menu\programs\startup\ivttvf.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
544
|
Threads
Thread 0x544
281
0
| Category | Operation | Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| System | Get Time | type = System Time, time = 2019-07-07 23:43:35 (UTC) |
|
1 | |
| System | Get Time | type = Ticks, time = 28126 |
|
1 | |
| System | Get Time | type = Performance Ctr, time = 7137270783 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\cmd.exe, base_address = 0x4a840000 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetThreadUILanguage, address_out = 0x77ae6d40 |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| Environment | Get Environment String | - |
|
2 | |
| Registry | Open Key | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 24, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor, value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Registry | Open Key | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Registry | Read Value | reg_name = HKEY_CURRENT_USER\Software\Microsoft\Command Processor, value_name = AutoRun, data = 9, type = REG_NONE |
|
1 | |
| Module | Get Filename | process_name = c:\windows\system32\cmd.exe, file_name_orig = C:\Windows\system32\cmd.exe, size = 260 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Environment | Get Environment String | name = PROMPT |
|
1 | |
| Environment | Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Environment | Get Environment String | name = KEYS |
|
1 | |
| File | Get Info | filename = C:\Windows\system32, type = file_attributes |
|
1 | |
| File | Get Info | filename = C:\Windows\System32, type = file_attributes |
|
1 | |
| Environment | Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| System | Get Info | type = Operating System |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 63 |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Module | Get Handle | module_name = c:\windows\system32\kernel32.dll, base_address = 0x77ad0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = CopyFileExW, address_out = 0x77ae23d0 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = IsDebuggerPresent, address_out = 0x77ad8290 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\kernel32.dll, function = SetConsoleInputExeNameW, address_out = 0x77ae17e0 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 24 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\mode.com, os_pid = 0x60c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Module | Load | module_name = NTDLL.DLL, base_address = 0x77bf0000 |
|
1 | |
| Module | Get Address | module_name = c:\windows\system32\ntdll.dll, function = NtQueryInformationProcess, address_out = 0x77c414a0 |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\mode.com, address = 8796092887040, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 36 |
|
1 | |
| Environment | Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Environment | Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Process | Create | process_name = C:\Windows\system32\vssadmin.exe, os_pid = 0x654, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Environment | Set Environment String | name = COPYCMD |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Process | Get Info | type = PROCESS_BASIC_INFORMATION |
|
1 | |
| Memory | Read | process_name = C:\Windows\system32\vssadmin.exe, address = 8796092887040, size = 896 |
|
1 | |
| Environment | Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| Environment | Set Environment String | name = =ExitCodeAscii |
|
1 | |
| Environment | Get Environment String | - |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
2 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 2 |
|
1 | |
| Environment | Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 20 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Read | filename = STD_INPUT_HANDLE, size = 1, size_out = 1 |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_INPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_INPUT_HANDLE |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Get Info | filename = STD_OUTPUT_HANDLE, type = file_type |
|
1 | |
| File | Open | filename = STD_OUTPUT_HANDLE |
|
1 | |
| File | Write | filename = STD_OUTPUT_HANDLE, size = 5 |
|
1 |
Process #12: mode.com
0
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\system32\mode.com |
| Command Line | mode con cp select=1251 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:27, Reason: Child Process |
| Unmonitor | End Time: 00:04:28, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x60c |
| Parent PID | 0x540 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
610
|
Process #13: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\system32\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:04:27, Reason: Child Process |
| Unmonitor | End Time: 00:04:33, Reason: Self Terminated |
| Monitor Duration | 00:00:05 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x654 |
| Parent PID | 0x540 (c:\windows\system32\cmd.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
658
0x
6B0
0x
6C4
0x
6CC
0x
6D0
|
