Logfile Output
Occurrences
World IP Map
Involved Hosts
| Domain | IP | Used | Country | City |
|---|---|---|---|---|
| update.microsoft.com | 157.56.96.56, 191.232.80.55 | domain/ip_address | - | - |
| time.windows.com | 137.170.185.211 | domain/ip_address | US | Donnelsville |
| IP not resolvable | 157.56.96.56 | ip_address | US | Redmond |
Behavior Information
| ID | #1 |
| OS PID | 0xb50 |
| OS Parent PID | 0x830 |
| Image Name | 089c5446291c9145ad8ac6c1cdfe4928.exe |
| Page Root | 0x79d9e000 |
| Monitor Reason | analysis_target |
| Unmonitor Reason | self_terminated |
| CMD Line | "C:\Users\user\Desktop\089c5446291c9145ad8ac6c1cdfe4928.exe" |
| Current Directory | C:\Users\user\Desktop\ |
Host Behavior
| Operation | File | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE_MAPPING | System Paging File | maximum_size = 0x61646, protection = PAGE_READWRITE |  | 1 | Bin
Fn
|
| CREATE_MAPPING | System Paging File | maximum_size = 0x8000, protection = PAGE_EXECUTE_READWRITE, SEC_COMMIT | | 1 | Bin
Fn
|
| FIND | C:\Program Files\Agnitum\* | - |  | 1 | Bin
Fn
|
| OPEN_MAPPING | \BaseNamedObjects\ShimSharedMemory | - | | 1 | Bin
Fn
|
| OPEN_MAPPING | \BaseNamedObjects\windows_shell_global_counters | - | | 1 | Bin
Fn
|
| Operation | Key | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography | - | | 1 | Bin
Fn
|
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography | value_name = MachineGuid, data = 5b914348-258a-4617-b462-d107efea3e7b | | 1 | Bin
Fn
|
| Operation | Process | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| ENUMERATE | - | - | | 2 | Bin
Fn
|
| OPEN | c:\windows\explorer.exe | os_pid = 0x830, desired_access = PROCESS_VM_READ, PROCESS_QUERY_INFORMATION | | 1 | Bin
Fn
|
| Operation | Address | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| READ | 0x7fffffd4018 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x777a2650 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1925e0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x192472 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1926d0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x77785418 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x192a50 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x192a28 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x192bc0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x192b98 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1938b0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x193888 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1939f0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1939c8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x193e80 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x193e58 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x193cf0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x193c88 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a49d0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a49a8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a4b10 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a4ae8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a4c40 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a4c28 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a4d80 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a4d58 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a4ec0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a4e98 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a5000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a4fd8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a5940 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a5918 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a5a80 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a5a58 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a5e90 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a5e58 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a6fb0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a5fd8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a70a0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6028 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7190 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6118 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7280 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6168 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7370 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a61b8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7460 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6208 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7550 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6258 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7640 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a62a8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7730 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a62f8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7820 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6348 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7910 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a5c08 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7af0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a7ad0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7be0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a63e8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7cd0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6438 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7dc0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6488 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a7eb0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6618 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a8180 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6668 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a8270 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1ce640 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a8360 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1bf168 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a8540 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6708 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a89f0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6e88 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a8ae0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1a6ed8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a8bd0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d3768 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a8cc0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d3858 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1a8db0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d38f8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1eec70 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d3998 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1eed60 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d3a38 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1eee50 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d3b28 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1eef40 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1dceb8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef030 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d3ee8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef120 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d3f88 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef210 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d3f38 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef4e0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d4348 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef5d0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x2091e8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef6c0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d4398 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef7b0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d4578 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef8a0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x216cf8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1ef990 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x221bf8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1efc60 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x221f18 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1efd50 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x221f68 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1eff30 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x2784c8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1f05c0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x278928 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1f06b0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x23f308 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1f0a70 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29f2398 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1f0980 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29f23e8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x1f0890 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29f2438 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x286d40 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29f2488 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x286e30 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29d9b58 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x287010 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29e97e8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x287100 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29e9888 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x2871f0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29e9a18 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x2872e0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29e9ab8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x2873d0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29e9b08 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x2874c0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29ea0a8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x2875b0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29d8d88 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x2876a0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x29ccf56 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x287790 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x2a33468 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x287880 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x2a33558 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x287b50 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x2a3b528 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x288870 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x2a34138 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x288a50 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3d7dfb8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3da5460 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x28b9b8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3da69f0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddbfd8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3da6ae0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddc028 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3da6bd0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddc118 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3da6cc0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddc168 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3da6db0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddc2a8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3da6ea0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddc1b8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3da6f90 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddc488 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deae90 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddc708 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deaf80 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ddc7a8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb070 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3dd8b78 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb160 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3dd0a38 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb250 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d44d8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb340 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3d81cf8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb430 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3d81d78 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb520 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3df1a98 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb610 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3d81df8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb700 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3d81e78 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb7f0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x2a5e1a8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb8e0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3df1b28 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3deb9d0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1b748 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3debac0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1b798 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3debbb0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1b838 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3debca0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1b9c8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3debd90 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1bb08 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3debe80 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1bbf8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3debf70 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e23ac8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec060 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1bc48 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec150 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1bc98 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec240 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1bd38 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec330 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1bec8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec420 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1bf68 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec510 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1bfb8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec6f0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1c0f8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec7e0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1c148 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec9c0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1c238 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3decab0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1c288 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3decba0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1c2d8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3decc90 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1c738 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec8d0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1c9b8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3dec600 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1cf08 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e52f40 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1c198 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53030 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1d1d8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53120 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1ce18 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53210 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1d2c8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53300 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e1d408 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e533f0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x1d40c8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e534e0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e63df8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e535d0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e50158 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e537b0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64488 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53990 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64118 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e536c0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3d825f8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e538a0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e641b8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53a80 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64208 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53b70 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e7d458 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53c60 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e645c8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53d50 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64a78 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53e40 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64b18 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e53f30 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64c58 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e54020 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64ed8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e54200 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64f28 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e542f0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e64fc8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e543e0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e650b8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e546b0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3ed9218 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x3e544d0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 32 | Bin
Fn
|
| READ | 0x3e763f8 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x6e | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 16 | Bin
Fn
|
| READ | 0x77450000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| READ | 0x774d3380 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x77550000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 7 | Bin
Fn
|
| READ | 0x775efffc | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 5 | Bin
Fn
|
| READ | 0x0 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x10000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x20000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x22000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x30000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x34000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x40000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x42000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x50000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x51000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x60000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0xc7000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0xd0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0xd6000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0xe0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0xe1000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0xf0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x15c000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x15e000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x170000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x171000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x180000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x18d000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x190000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x290000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x291000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2d0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2d1000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2e0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2e2000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2f0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2f1000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x300000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x302000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x310000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x311000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x320000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x322000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x330000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x332000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x340000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x341000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x350000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x360000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x386000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x460000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x463000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x5e0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x5e3000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x5e8000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x5f0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x771000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x780000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7a0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1b80000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1b90000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1ba0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1bb0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1bb2000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1bc0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c02000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c10000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c11000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c20000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c23000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c30000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c31000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c40000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1c65000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1cc0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1d9f000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1da0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1dfc000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1e00000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1e2e000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1e30000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1e9a000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1e9c000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1eb0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1eb1000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1ec0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1ec9000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1ed0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1f3f000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1f42000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x1f50000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x221f000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2220000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2328000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2330000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x238a000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2390000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x23d2000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x23e0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x23e1000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x24e0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x24e8000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x24f0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2517000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x2520000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0xffa00000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 9 | Bin
Fn
|
| READ | 0xffa01000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 9 | Bin
Fn
|
| READ | 0x77670000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 4 | Bin
Fn
|
| READ | 0x77671000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 3 | Bin
Fn
|
| READ | 0x77551000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| READ | 0x7fefd540000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| READ | 0x7fefd541000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| READ | 0x7fefd870000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| READ | 0x7fefd871000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| READ | 0x7feff8c0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| READ | 0x7feff8c1000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| READ | 0x77776270 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe290000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe291000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7feff790000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7feff791000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefda70000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefda71000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x77451000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefdd90000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefdd91000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7feff6c0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7feff6c1000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe040000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe041000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe930000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe931000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe720000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe721000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe2b0000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| READ | 0x7fefe2b1000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| Operation | Module | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| MAP | oIE9wIn | os_pid = 0xb50, process_name = c:\users\user\desktop\089c5446291c9145ad8ac6c1cdfe4928.exe, desired_access = FILE_MAP_WRITE, address = 0xb60000, map_size = 0x61646 | | 1 | Bin
Fn
|
| MAP | - | process_name = current_Process, protection = PAGE_READWRITE, address = 0x23f3cc | | 1 | Bin
Fn
|
| MAP | 5b914348- | os_pid = 0xb50, process_name = c:\users\user\desktop\089c5446291c9145ad8ac6c1cdfe4928.exe, desired_access = FILE_MAP_ALL_ACCESS, address = 0x130000, map_size = 0x0 | | 1 | Bin
Fn
|
| UNMAP | 0x130000 | os_pid = 0xb50, process_name = c:\users\user\desktop\089c5446291c9145ad8ac6c1cdfe4928.exe | | 1 | Bin
Fn
|
| UNMAP | 0x120000 | process_name = current_Process | | 1 | Bin
Fn
|
| UNMAP | 0xb60000 | os_pid = 0xb50, process_name = c:\users\user\desktop\089c5446291c9145ad8ac6c1cdfe4928.exe | | 1 | Bin
Fn
|
| Operation | Class Name | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | Dialog1 | - | | 1 | Bin
Fn
|
| FIND | Shell_TrayWnd | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| GET_RANDOM | 0x23f6c0 | result_out = 0x5593e | | 1 | Bin
Fn
|
| GET_RANDOM | 0x23f6c0 | result_out = 0x1361b816 | | 1 | Bin
Fn
|
| GET_RANDOM | 0x23f6c0 | result_out = 0x67714df2 | | 1 | Bin
Fn
|
| GET_RANDOM | 0x23f6c0 | result_out = 0x3d86591b | | 1 | Bin
Fn
|
| GET_RANDOM | 0x23f6c0 | result_out = 0x320a3b6 | | 1 | Bin
Fn
|
| GET_RANDOM | 0x23f6c0 | result_out = 0x7ddb7988 | | 1 | Bin
Fn
|
| GET_RANDOM | 0x23f6c0 | result_out = 0x798e5345 | | 1 | Bin
Fn
|
| GET_TIME | Ticks | result_out = 0xf008 | | 1 | Bin
Fn
|
| GET_TIME | Ticks | result_out = 0xf018 | | 397 | Bin
Fn
|
| GET_TIME | Ticks | result_out = 0xf21b | | 1 | Bin
Fn
|
| Operation | Name | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| OPEN | Global\5b914348-258a-4617-b462-d107efea3e7bgfdgfdgdfg830 | - | | 1 | Bin
Fn
|
| Operation | Environment Variable | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET | SystemDrive | result_out = C: | | 1 | Bin
Fn
|
| ID | #2 |
| OS PID | 0x830 |
| OS Parent PID | 0xffffffffffffffff |
| Image Name | explorer.exe |
| Page Root | 0x110ef000 |
| Monitor Reason | injection |
| Unmonitor Reason | self_terminated |
| CMD Line | C:\Windows\Explorer.EXE |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | File | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | C:\Users\user\AppData\Local\Temp\2625.tmp | - | | 1 | Bin
Fn
|
| DELETE | - | - | | 1 | Bin
Fn
|
| DELETE | C:\Users\user\Desktop\089c5446291c9145ad8ac6c1cdfe4928.exe | - | | 1 | Bin
Fn
|
| DELETE | C:\Users\user\AppData\Local\Temp\2625.tmp | - | | 1 | Bin
Fn
|
| COPY | C:\Users\user\AppData\Local\Temp\2625.tmp | source_file = C:\Windows\system32\unattend.dll | | 1 | Bin
Fn
|
| CREATE_MAPPING | System Paging File | maximum_size = 0x8000, protection = PAGE_EXECUTE_READWRITE, SEC_COMMIT | | 1 | Bin
Fn
|
| CREATE_MAPPING | C:\Users\user\AppData\Local\Temp\2625.tmp | maximum_size = 0x0, protection = PAGE_READWRITE | | 1 | Bin
Fn
|
| CREATE_TMPFILE | C:\Users\user\AppData\Local\Temp\2625.tmp | - | | 1 | Bin
Fn
|
| GET_TMPDIR | C:\Users\user\AppData\Local\Temp\ | - | | 1 | Bin
Fn
|
| OPEN_MAPPING | oIE9wIn | - | | 1 | Bin
Fn
|
| Operation | Key | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography | - | | 1 | Bin
Fn
|
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography | value_name = MachineGuid, data = 5b914348-258a-4617-b462-d107efea3e7b | | 1 | Bin
Fn
|
| Operation | Process | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | C:\Windows\system32\sysprep\sysprep.exe | os_pid = 0x7d4, show_window = SW_SHOW | | 1 | Bin
Fn
|
| Operation | Module | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| MAP | oIE9wIn | os_pid = 0x830, process_name = c:\windows\explorer.exe, desired_access = FILE_MAP_ALL_ACCESS, address = 0x5f10000, map_size = 0x61646 | | 1 | Bin
Fn
|
| MAP | 5b914348-25 | os_pid = 0x830, process_name = c:\windows\explorer.exe, desired_access = FILE_MAP_ALL_ACCESS, address = 0x5d20000, map_size = 0x0 | | 1 | Bin
Fn
|
| MAP | System Paging File | os_pid = 0x830, process_name = c:\windows\explorer.exe, desired_access = FILE_MAP_ALL_ACCESS, address = 0x5d20000, map_size = 0x0 | | 1 | Bin
Fn
|
| UNMAP | 0x5d20000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 2 | Bin
Fn
|
| UNMAP | 0x5f10000 | os_pid = 0x830, process_name = c:\windows\explorer.exe | | 1 | Bin
Fn
|
| Operation | User/Group/Server | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| LOOKUP_PRIVILEGE | localhost | privilege_name = SeShutdownPrivilege | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| GET_INFO | System directory | result_out = C:\Windows\system32 | | 1 | Bin
Fn
|
| GET_RANDOM | 0x6c1fd88 | result_out = 0x130dd9ab | | 1 | Bin
Fn
|
| GET_TIME | Ticks | result_out = 0x12625 | | 1 | Bin
Fn
|
| GET_TIME | Ticks | result_out = 0x12e40 | | 1 | Bin
Fn
|
| SLEEP | 0x3e8 | - | | 1 | Bin
Fn
|
| SLEEP | 0x12c | - | | 1 | Bin
Fn
|
| SLEEP | 0x6544b | - | | 1 | Bin
Fn
|
| POWERCTRL | EWX_REBOOT, EWX_FORCE | - | | 1 | Bin
Fn
|
| ID | #4 |
| OS PID | 0x7d4 |
| OS Parent PID | 0x830 |
| Image Name | sysprep.exe |
| Page Root | 0x76c87000 |
| Monitor Reason | child_process |
| Unmonitor Reason | self_terminated |
| CMD Line | "C:\Windows\system32\sysprep\sysprep.exe" |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | File | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | \\.\GLOBALROOT\ArcName\multi(0)disk(0)rdisk(0)partition(1) | - | | 2 | Bin
Fn
|
| CREATE | \\.\PhysicalDrive0 | - | | 6 | Bin
Fn
|
| WRITE | \\.\PhysicalDrive0 | - | | 2 | Bin
Fn
|
| OPEN_MAPPING | oIE9wIn | - | | 1 | Bin
Fn
|
| Operation | Module | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| MAP | oIE9wIn | os_pid = 0x7d4, process_name = c:\windows\system32\sysprep\sysprep.exe, desired_access = FILE_MAP_ALL_ACCESS, address = 0x1d0000, map_size = 0x61646 | | 1 | Bin
Fn
|
| UNMAP | 0x1d0000 | os_pid = 0x7d4, process_name = c:\windows\system32\sysprep\sysprep.exe | | 1 | Bin
Fn
|
| Operation | Driver | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CONTROL | \\.\GLOBALROOT\ArcName\multi(0)disk(0)rdisk(0)partition(1) | control_code = 0x70048 | | 2 | Bin
Fn
|
| CONTROL | \\.\GLOBALROOT\ArcName\multi(0)disk(0)rdisk(0)partition(1) | control_code = 0x2d1080 | | 2 | Bin
Fn
|
| CONTROL | \\.\PhysicalDrive0 | control_code = 0x70000 | | 6 | Bin
Fn
|
| CONTROL | \\.\PhysicalDrive0 | control_code = 0x700a0 | | 4 | Bin
Fn
|
| ID | #5 |
| OS PID | 0x4 |
| OS Parent PID | 0xffffffffffffffff |
| Image Name | SYSTEM |
| Page Root | 0x00187000 |
| Monitor Reason | kernel_analysis |
| Unmonitor Reason | (still running) |
| CMD Line | - |
| Current Directory | - |
Host Behavior
| Operation | File | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | \Device\HarddiskVolume1 | - | | 1 | Bin
Fn
|
| CREATE | \Device\Harddisk0\DR0 | - | | 2 | Bin
Fn
|
| CREATE | \Device\HarddiskVolume2 | - | | 1 | Bin
Fn
|
| CREATE | \??\C:\System Volume Information\{0052009a-da41-5ffa-89bd-9f9f6b830ac5} | - | | 1 | Bin
Fn
|
| CREATE | \??\C:\System Volume Information\{0052009a-da41-5ffa-89bd-9f9f6b830ac5} | - | | 2 | Bin
Fn
|
| WRITE | \??\C:\System Volume Information\{0052009a-da41-5ffa-89bd-9f9f6b830ac5} | - | | 1983 | Bin
Fn
|
| WRITE | \??\C:\System Volume Information\{0052009a-da41-5ffa-89bd-9f9f6b830ac5} | - | | 534 | Bin
Fn
|
| SET_INFO | \??\C:\System Volume Information\{0052009a-da41-5ffa-89bd-9f9f6b830ac5} | - | | 370 | Bin
Fn
|
| SET_INFO | \??\C:\System Volume Information\{0052009a-da41-5ffa-89bd-9f9f6b830ac5} | - | | 66 | Bin
Fn
|
| Operation | Key | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion | - | | 1 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion | - | | 1 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CFCD29B3-A836-426F-8329-8362EC941293} | - | | 2 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B22E8C55-CC74-4FBE-B907-F46D25953BEC} | - | | 2 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D403E7A-7554-4DD5-A8CF-7099B00A9E2D} | - | | 2 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CACEFAA3-95D9-4B5B-B275-FF35DF23713E} | - | | 2 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D720734D-0C14-4C25-829D-F6B4814978B3} | - | | 2 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | - | | 2 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1C5BF427-3CBA-4599-A970-6F5C2EB7E2E2} | - | | 2 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37B932CB-736B-42BF-AABE-1D5EAE57F920} | - | | 2 | Bin
Fn
|
| OPEN_KEY | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{50CD5E3E-0F08-4519-A9EF-B9802ED12701} | - | | 1 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion | value_name = SystemRoot | | 1 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion | value_name = SystemRoot | | 1 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = IPAddress | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DhcpIPAddress | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DhcpIPAddress | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DefaultGateway | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DhcpDefaultGateway | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DhcpDefaultGateway | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = SubnetMask | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DhcpSubnetMask | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DhcpSubnetMask | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = NameServer | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DhcpNameServer | | 2 | Bin
Fn
|
| READ_VALUE | \Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{90CF4272-4C90-4C32-AB8B-72465DB1CA78} | value_name = DhcpNameServer | | 2 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| GET_INFO | SYSTEM_BASIC_INFORMATION | - | | 1 | Bin
Fn
|
| ID | #17 |
| OS PID | 0x24c |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x1bfad000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k DcomLaunch |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #18 |
| OS PID | 0x290 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x1bde4000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k RPCSS |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #19 |
| OS PID | 0x2c0 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x1b5af000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #21 |
| OS PID | 0x344 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x19f79000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #22 |
| OS PID | 0x370 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x15742000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k LocalService |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #23 |
| OS PID | 0x398 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x1570c000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k netsvcs |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #24 |
| OS PID | 0x3e0 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x15054000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k GPSvcGroup |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #28 |
| OS PID | 0x428 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x1613d000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k NetworkService |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Key | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| OPEN_KEY | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | - | | 1 | Bin
Fn
|
| OPEN_KEY | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | - | | 1 | Bin
Fn
|
| READ_VALUE | HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | value_name = Shell, data = 0x0 | | 1 | Bin
Fn
|
| READ_VALUE | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | value_name = Shell, data = explorer.exe | | 1 | Bin
Fn
|
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 6 | Bin
Fn
|
| TERMINATE | - | - | | 6 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
Network Behavior
| Remote Address | Remote Port | Username | Password | Success | Amount |
|---|---|---|---|---|---|
| 157.56.96.56 | 80 | - | - | | 1 |
| Method | URL | Success | Amount |
|---|---|---|---|
| GET | http://157.56.96.56/ | | 1 |
| Operation | Host | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| RESOLVE_NAME | www.update.microsoft.com | host = 157.56.96.56, 191.232.80.55 | | 1 | Bin
Fn
|
| RESOLVE_NAME | time.windows.com | host = 137.170.185.211 | | 1 | Bin
Fn
|
| Remote Address | Remote Port | L7Protocol | Success | Amount |
|---|---|---|---|---|
| 157.56.96.56 | 80 | - | | 1 |
| ID | #31 |
| OS PID | 0x4c4 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x15e73000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #32 |
| OS PID | 0x570 |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x148f0000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|
| ID | #34 |
| OS PID | 0x73c |
| OS Parent PID | 0x1c0 |
| Image Name | svchost.exe |
| Page Root | 0x0f58c000 |
| Monitor Reason | child_process |
| Unmonitor Reason | (still running) |
| CMD Line | C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted |
| Current Directory | C:\Windows\system32\ |
Host Behavior
| Operation | Thread ID | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| CREATE | - | - | | 1 | Bin
Fn
|
| TERMINATE | - | - | | 1 | Bin
Fn
|
| Operation | Info | Additional Information | Success | Amount | Logfile |
|---|---|---|---|---|---|
| GET_INFO | OS | operating_system = Windows 7 / Windows Server 2008 R2, os_build = 0x1db1, platform_id = VER_PLATFORM_WIN32_NT | | 1 | Bin
Fn
|